heroinvesting.com Open in urlscan Pro
2606:4700:3036::ac43:9447 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Submission: On June 13 via api (June 13th 2023, 8:07:28 pm UTC) from US — Scanned from DE

Summary HTTP 230 Redirects Behaviour Indicators

Summary

This website contacted 81 IPs in 7 countries across 62 domains to perform 230 HTTP transactions. The main IP is 2606:4700:3036::ac43:9447, located in United States and belongs to CLOUDFLARENET, US. The main domain is heroinvesting.com. The Cisco Umbrella rank of the primary domain is 551333.
TLS certificate: Issued by E1 on May 3rd 2023. Valid for: 3 months.

This is the only time heroinvesting.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
23	2606:4700:303... 2606:4700:3036::ac43:9447	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223f:ca00:3:6d3c:dac0:93a1	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
9	2606:4700:e2:... 2606:4700:e2::ac40:8004	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:440... 2606:4700:4400::6812:2bda	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700:10:... 2606:4700:10::6816:227b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
7	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
3	13.224.192.181 13.224.192.181	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
4	94.130.203.123 94.130.203.123	24940 (HETZNER-AS) (HETZNER-AS)
7	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f08... 2a03:2880:f084:105:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
2	74.118.184.143 74.118.184.143	26120 (RHYTHMONE) (RHYTHMONE)
1	77.245.57.72 77.245.57.72	36057 (WEBAIR-IN...) (WEBAIR-INTERNET-MTL)
1	23.218.209.56 23.218.209.56	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:372	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.120.63.153 34.120.63.153	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	216.52.2.30 216.52.2.30	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
3	34.149.20.76 34.149.20.76	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	35.158.192.151 35.158.192.151	16509 (AMAZON-02) (AMAZON-02)
2	35.163.232.44 35.163.232.44	16509 (AMAZON-02) (AMAZON-02)
1	104.18.25.185 104.18.25.185	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	157.245.87.200 157.245.87.200	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	185.86.139.95 185.86.139.95	201081 (SMARTADSE...) (SMARTADSERVER)
3	50.18.220.217 50.18.220.217	16509 (AMAZON-02) (AMAZON-02)
9	2602:803:c004... 2602:803:c004:200::140	26667 (RUBICONPR...) (RUBICONPROJECT)
1	54.241.14.1 54.241.14.1	16509 (AMAZON-02) (AMAZON-02)
2	147.28.129.37 147.28.129.37	54825 (PACKET) (PACKET)
1	34.149.50.64 34.149.50.64	15169 (GOOGLE) (GOOGLE)
3	142.93.54.172 142.93.54.172	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	69.166.1.8 69.166.1.8	27630 (AS-XFERNET) (AS-XFERNET)
3	54.149.117.181 54.149.117.181	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	65.9.66.68 65.9.66.68	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:225... 2600:9000:2250:f600:a:e047:753:be1	() ()
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 6	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
2	35.190.39.111 35.190.39.111	15169 (GOOGLE) (GOOGLE)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.219.150.145 54.219.150.145	16509 (AMAZON-02) (AMAZON-02)
2	162.19.138.116 162.19.138.116	16276 (OVH) (OVH)
1 2	2a02:2638:d::d 2a02:2638:d::d	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	74.119.118.149 74.119.118.149	19750 (AS-CRITEO) (AS-CRITEO)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
22	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	23.212.211.47 23.212.211.47	16625 (AKAMAI-AS) (AKAMAI-AS)
1	67.202.105.24 67.202.105.24	32748 (STEADFAST) (STEADFAST)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
2	146.190.64.207 146.190.64.207	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	23.218.208.23 23.218.208.23	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.18.10.47 104.18.10.47	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	37.157.6.237 37.157.6.237	198622 (ADFORM) (ADFORM)
1	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
3	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 3	3.124.103.237 3.124.103.237	16509 (AMAZON-02) (AMAZON-02)
1 1	193.0.160.131 193.0.160.131	54312 (ROCKETFUEL) (ROCKETFUEL)
1	23.218.208.209 23.218.208.209	16625 (AKAMAI-AS) (AKAMAI-AS)
2 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	52.94.223.167 52.94.223.167	16509 (AMAZON-02) (AMAZON-02)
3 5	69.173.144.138 69.173.144.138	() ()
4 6	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
3 5	52.46.128.147 52.46.128.147	() ()
4 4	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	2a05:d018:d29... 2a05:d018:d29:3605:c83d:8690:f97d:d99a	() ()
1	2620:1ec:21::14 2620:1ec:21::14	() ()
1 1	46.228.164.11 46.228.164.11	() ()
2 2	54.177.234.125 54.177.234.125	() ()
1 1	18.224.253.134 18.224.253.134	() ()
2 2	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
1	104.18.11.47 104.18.11.47	13335 (CLOUDFLAR...) (CLOUDFLARENET)
230	81

23 2606:4700:3036::ac43:9447 (United States)

ASN13335 (CLOUDFLARENET, US)

heroinvesting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.heroinvesting.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:ca00:3:6d3c:dac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

adgarden.market	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:e2::ac40:8004 (United States)

ASN13335 (CLOUDFLARENET, US)

vrl9rgsahh7mx6ndn.ay.delivery	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:2bda (United States)

ASN13335 (CLOUDFLARENET, US)

static.vidazoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:10::6816:227b (United States)

ASN13335 (CLOUDFLARENET, US)

static.kueezrtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.kueezrtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.kueezrtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.followsports.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.181 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-181.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 94.130.203.123 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.123.203.130.94.clients.your-server.de

api.assertcom.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

scontent-fra3-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

scontent-fra3-2.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.118.184.143 (United States)

ASN26120 (RHYTHMONE, US)

targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)

cpm.catapultx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.218.209.56 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-209-56.deploy.static.akamaitechnologies.com

a.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:372 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.30 (United States)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.149.20.76 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.158.192.151 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-192-151.eu-central-1.compute.amazonaws.com

grid.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.163.232.44 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-163-232-44.us-west-2.compute.amazonaws.com

hb.minutemedia-prebid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hb.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.25.185 (None, )

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 157.245.87.200 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

prebid.cootlogix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.139.95 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.18.220.217 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-50-18-220-217.us-west-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2602:803:c004:200::140 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.241.14.1 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-241-14-1.us-west-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.28.129.37 (Ashburn, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.50.64 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 64.50.149.34.bc.googleusercontent.com

s.seedtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.93.54.172 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

exchange.kueezrtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.8 (United States)

ASN27630 (AS-XFERNET, US)

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.149.117.181 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-149-117-181.us-west-2.compute.amazonaws.com

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-68.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:f600:a:e047:753:be1 (United States)

ASN- ()

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.39.111 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.219.150.145 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-219-150-145.us-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.116 (France)

ASN16276 (OVH, FR)
PTR: ns31533567.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:d::d (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.118.149 (United States)

ASN19750 (AS-CRITEO, US)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.212.211.47 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-211-47.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.24 (Palos Park, United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.190.64.207 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

sync.kueezrtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.cootlogix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.218.208.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-23.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.10.47 (None, )

ASN13335 (CLOUDFLARENET, US)

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.237 (Denmark)

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: NET-33-132-192.46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.124.103.237 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-103-237.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.218.208.209 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-209.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.94.223.167 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 69.173.144.138 (None, ) 3 redirects

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.130 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.46.128.147 (None, ) 3 redirects

ASN- ()

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.139 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:c83d:8690:f97d:d99a (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (None, )

ASN- ()

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.177.234.125 (None, ) 2 redirects

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.224.253.134 (None, ) 1 redirects

ASN- ()

sync.adotmob.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.173.215 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.11.47 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 127 tpc.googlesyndication.com — Cisco Umbrella Rank: 154 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com	1006 KB
23	heroinvesting.com heroinvesting.com — Cisco Umbrella Rank: 551333 cdn.heroinvesting.com	482 KB
20	rubiconproject.com 7 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 526 eus.rubiconproject.com — Cisco Umbrella Rank: 627 pixel.rubiconproject.com token.rubiconproject.com — Cisco Umbrella Rank: 636	61 KB
18	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218 googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 cm.g.doubleclick.net — Cisco Umbrella Rank: 248	220 KB
11	amazon-adsystem.com 5 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com Failed aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1023 s.amazon-adsystem.com	67 KB
11	kueezrtb.com static.kueezrtb.com — Cisco Umbrella Rank: 44771 u.kueezrtb.com — Cisco Umbrella Rank: 51570 track.kueezrtb.com — Cisco Umbrella Rank: 22550 exchange.kueezrtb.com — Cisco Umbrella Rank: 12220 sync.kueezrtb.com — Cisco Umbrella Rank: 13936	86 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 388	218 KB
9	casalemedia.com 2 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 589 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 490 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 612	8 KB
9	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 668 scontent-fra3-1.xx.fbcdn.net — Cisco Umbrella Rank: 12614 scontent-fra3-2.xx.fbcdn.net	158 KB
9	ay.delivery vrl9rgsahh7mx6ndn.ay.delivery — Cisco Umbrella Rank: 309658	274 KB
8	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 106 www.google.com — Cisco Umbrella Rank: 3	2 KB
4	yahoo.com 3 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	2 KB
4	gstatic.com fonts.gstatic.com	80 KB
4	cootlogix.com prebid.cootlogix.com — Cisco Umbrella Rank: 6047 sync.cootlogix.com — Cisco Umbrella Rank: 2960	1 KB
4	bidswitch.net 2 redirects grid.bidswitch.net — Cisco Umbrella Rank: 1067 x.bidswitch.net — Cisco Umbrella Rank: 356	1 KB
4	33across.com ssc.33across.com — Cisco Umbrella Rank: 4542 lexicon.33across.com Failed ssc-cms.33across.com — Cisco Umbrella Rank: 1135	701 B
4	assertcom.de api.assertcom.de — Cisco Umbrella Rank: 13069	1 KB
3	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 385	793 B
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	3 KB
3	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 413 mug.criteo.com — Cisco Umbrella Rank: 2161	7 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1359 google-bidout-d.openx.net — Cisco Umbrella Rank: 1367	737 B
3	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 785 id5-sync.com — Cisco Umbrella Rank: 427	19 KB
3	gumgum.com g2.gumgum.com — Cisco Umbrella Rank: 1810	2 KB
3	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1222	2 KB
3	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1553	2 KB
3	followsports.com cdn.followsports.com — Cisco Umbrella Rank: 557000	3 MB
2	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 472	2 KB
2	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 692 cdn.indexww.com — Cisco Umbrella Rank: 1661	2 KB
2	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 1513	400 B
2	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1009 bcp.crwdcntrl.net — Cisco Umbrella Rank: 948	12 KB
2	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 992	278 B
2	3lift.com tlx.3lift.com — Cisco Umbrella Rank: 605 eb2.3lift.com — Cisco Umbrella Rank: 406	700 B
2	media.net prebid.media.net — Cisco Umbrella Rank: 1537 contextual.media.net — Cisco Umbrella Rank: 654	9 KB
2	unrulymedia.com targeting.unrulymedia.com — Cisco Umbrella Rank: 827	165 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 75	152 KB
2	vidazoo.com static.vidazoo.com — Cisco Umbrella Rank: 2797	55 KB
1	adotmob.com 1 redirects sync.adotmob.com	282 B
1	turn.com 1 redirects ad.turn.com	425 B
1	linkedin.com px.ads.linkedin.com	651 B
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 1153	418 B
1	rfihub.com 1 redirects p.rfihub.com — Cisco Umbrella Rank: 940	761 B
1	bttrack.com bttrack.com — Cisco Umbrella Rank: 956	163 B
1	adform.net c1.adform.net — Cisco Umbrella Rank: 626	454 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	55 KB
1	google.de www.google.de — Cisco Umbrella Rank: 5056	455 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 562	13 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1497	8 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 1424	2 KB
1	creativecdn.com invstatic101.creativecdn.com — Cisco Umbrella Rank: 1396	2 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 377	878 B
1	sonobi.com apex.go.sonobi.com — Cisco Umbrella Rank: 2141	930 B
1	seedtag.com s.seedtag.com — Cisco Umbrella Rank: 4395	401 B
1	yellowblue.io hb.yellowblue.io — Cisco Umbrella Rank: 3996	448 B
1	minutemedia-prebid.com hb.minutemedia-prebid.com — Cisco Umbrella Rank: 3974	448 B
1	lijit.com ap.lijit.com — Cisco Umbrella Rank: 724	405 B
1	4dex.io mp.4dex.io — Cisco Umbrella Rank: 2625	728 B
1	teads.tv a.teads.tv — Cisco Umbrella Rank: 1474	382 B
1	catapultx.com cpm.catapultx.com — Cisco Umbrella Rank: 29322	264 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1086	609 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1892	246 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 102	15 KB
1	adgarden.market adgarden.market — Cisco Umbrella Rank: 108647	8 KB
230	62

	Domain	Requested by
22	tpc.googlesyndication.com	vrl9rgsahh7mx6ndn.ay.delivery heroinvesting.com 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com tpc.googlesyndication.com
22	heroinvesting.com	heroinvesting.com
10	cdn.ampproject.org	securepubads.g.doubleclick.net
9	fastlane.rubiconproject.com	vrl9rgsahh7mx6ndn.ay.delivery
9	vrl9rgsahh7mx6ndn.ay.delivery	heroinvesting.com vrl9rgsahh7mx6ndn.ay.delivery
8	pagead2.googlesyndication.com	heroinvesting.com pagead2.googlesyndication.com tpc.googlesyndication.com
7	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
7	securepubads.g.doubleclick.net	heroinvesting.com securepubads.g.doubleclick.net
6	cm.g.doubleclick.net	4 redirects
6	www.google.com	1 redirects heroinvesting.com vrl9rgsahh7mx6ndn.ay.delivery 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
5	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
5	s.amazon-adsystem.com	3 redirects ssum-sec.casalemedia.com
5	pixel.rubiconproject.com	3 redirects
5	googleads.g.doubleclick.net	pagead2.googlesyndication.com vrl9rgsahh7mx6ndn.ay.delivery 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
4	token.rubiconproject.com	4 redirects
4	fonts.gstatic.com	fonts.googleapis.com
4	track.kueezrtb.com	heroinvesting.com
4	api.assertcom.de	vrl9rgsahh7mx6ndn.ay.delivery
3	aax-eu.amazon-adsystem.com	2 redirects
3	ssum-sec.casalemedia.com	1 redirects js-sec.indexww.com ssum-sec.casalemedia.com
3	x.bidswitch.net	2 redirects
3	match.adsrvr.org	ssum-sec.casalemedia.com
3	fonts.googleapis.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	g2.gumgum.com	vrl9rgsahh7mx6ndn.ay.delivery
3	exchange.kueezrtb.com	vrl9rgsahh7mx6ndn.ay.delivery
3	btlr.sharethrough.com	vrl9rgsahh7mx6ndn.ay.delivery
3	prg.smartadserver.com	vrl9rgsahh7mx6ndn.ay.delivery
3	prebid.cootlogix.com	vrl9rgsahh7mx6ndn.ay.delivery
3	ssc.33across.com	vrl9rgsahh7mx6ndn.ay.delivery
3	c.amazon-adsystem.com	heroinvesting.com c.amazon-adsystem.com
3	cdn.followsports.com	heroinvesting.com
2	secure.adnxs.com	2 redirects
2	ups.analytics.yahoo.com	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects ssum-sec.casalemedia.com
2	eus.rubiconproject.com	vrl9rgsahh7mx6ndn.ay.delivery eus.rubiconproject.com
2	2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net vrl9rgsahh7mx6ndn.ay.delivery
2	gum.criteo.com	1 redirects vrl9rgsahh7mx6ndn.ay.delivery
2	id5-sync.com	cdn.id5-sync.com
2	oajs.openx.net	1 redirects heroinvesting.com
2	esp.rtbhouse.com	invstatic101.creativecdn.com
2	prebid.a-mo.net	vrl9rgsahh7mx6ndn.ay.delivery
2	targeting.unrulymedia.com	vrl9rgsahh7mx6ndn.ay.delivery
2	adservice.google.com	pagead2.googlesyndication.com vrl9rgsahh7mx6ndn.ay.delivery
2	www.googletagmanager.com	heroinvesting.com www.googletagmanager.com
2	static.kueezrtb.com	heroinvesting.com static.kueezrtb.com
2	static.vidazoo.com	heroinvesting.com static.vidazoo.com
1	cdn.indexww.com	ssum-sec.casalemedia.com
1	sync.adotmob.com	1 redirects
1	ad.turn.com	1 redirects
1	px.ads.linkedin.com
1	pixel.mathtag.com
1	p.rfihub.com	1 redirects
1	bttrack.com
1	c1.adform.net
1	js-sec.indexww.com	vrl9rgsahh7mx6ndn.ay.delivery
1	contextual.media.net	vrl9rgsahh7mx6ndn.ay.delivery
1	sync.cootlogix.com	vrl9rgsahh7mx6ndn.ay.delivery
1	sync.kueezrtb.com	vrl9rgsahh7mx6ndn.ay.delivery
1	eb2.3lift.com	vrl9rgsahh7mx6ndn.ay.delivery
1	ssc-cms.33across.com	vrl9rgsahh7mx6ndn.ay.delivery
1	www.googletagservices.com	2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
1	google-bidout-d.openx.net	vrl9rgsahh7mx6ndn.ay.delivery
1	mug.criteo.com	heroinvesting.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	www.google.de	heroinvesting.com
1	static.criteo.net	vrl9rgsahh7mx6ndn.ay.delivery
1	oa.openxcdn.net	vrl9rgsahh7mx6ndn.ay.delivery
1	cdn.prod.uidapi.com	vrl9rgsahh7mx6ndn.ay.delivery
1	cdn.id5-sync.com	vrl9rgsahh7mx6ndn.ay.delivery
1	tags.crwdcntrl.net	vrl9rgsahh7mx6ndn.ay.delivery
1	invstatic101.creativecdn.com	vrl9rgsahh7mx6ndn.ay.delivery
1	cdn.jsdelivr.net	vrl9rgsahh7mx6ndn.ay.delivery
1	apex.go.sonobi.com	vrl9rgsahh7mx6ndn.ay.delivery
1	s.seedtag.com	vrl9rgsahh7mx6ndn.ay.delivery
1	hb.yellowblue.io	vrl9rgsahh7mx6ndn.ay.delivery
1	tlx.3lift.com	vrl9rgsahh7mx6ndn.ay.delivery
1	htlb.casalemedia.com	vrl9rgsahh7mx6ndn.ay.delivery
1	hb.minutemedia-prebid.com	vrl9rgsahh7mx6ndn.ay.delivery
1	grid.bidswitch.net	vrl9rgsahh7mx6ndn.ay.delivery
1	ap.lijit.com	vrl9rgsahh7mx6ndn.ay.delivery
1	prebid.media.net	vrl9rgsahh7mx6ndn.ay.delivery
1	mp.4dex.io	vrl9rgsahh7mx6ndn.ay.delivery
1	a.teads.tv	vrl9rgsahh7mx6ndn.ay.delivery
1	cpm.catapultx.com	vrl9rgsahh7mx6ndn.ay.delivery
1	u.kueezrtb.com	static.kueezrtb.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	region1.google-analytics.com	www.googletagmanager.com
1	scontent-fra3-2.xx.fbcdn.net	www.facebook.com
1	scontent-fra3-1.xx.fbcdn.net	www.facebook.com
1	www.facebook.com	heroinvesting.com
1	cdn.heroinvesting.com	heroinvesting.com
1	adgarden.market	heroinvesting.com
0	lexicon.33across.com Failed	vrl9rgsahh7mx6ndn.ay.delivery
0	aax.amazon-adsystem.com Failed	c.amazon-adsystem.com
230	94

This site contains no links.

Subject Issuer	Validity	Valid
heroinvesting.com E1	`2023-05-03` - `2023-08-01`	3 months	crt.sh
*.adgarden.market Amazon RSA 2048 M01	`2023-02-08` - `2024-03-08`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
ay.delivery GTS CA 1P5	`2023-05-03` - `2023-08-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
kueezrtb.com GTS CA 1P5	`2023-04-24` - `2023-07-23`	3 months	crt.sh
followsports.com E1	`2023-05-02` - `2023-07-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-03-23` - `2023-06-21`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
api.assertcom.de R3	`2023-04-17` - `2023-07-16`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.targeting.unrulymedia.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-10` - `2024-05-10`	a year	crt.sh
catapultx.com R3	`2023-04-22` - `2023-07-21`	3 months	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
prebid.media.net GTS CA 1D4	`2023-05-09` - `2023-08-07`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2023-05-06` - `2024-05-04`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2023-05-05` - `2023-08-03`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.minutemedia-prebid.com Amazon ECDSA 256 M01	`2023-04-18` - `2024-05-16`	a year	crt.sh
*.cootlogix.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-14` - `2023-11-14`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-02-10` - `2023-08-31`	7 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M01	`2023-04-13` - `2024-05-11`	a year	crt.sh
*.a-mo.net R3	`2023-05-22` - `2023-08-20`	3 months	crt.sh
*.yellowblue.io Amazon ECDSA 256 M02	`2023-04-18` - `2024-05-16`	a year	crt.sh
*.seedtag.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-29` - `2024-04-15`	a year	crt.sh
*.kueezrtb.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-06` - `2023-09-06`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2022-12-06` - `2024-01-07`	a year	crt.sh
gumgum.com Amazon RSA 2048 M01	`2023-02-10` - `2023-09-23`	7 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
invstatic101.creativecdn.com GTS CA 1D4	`2023-04-28` - `2023-07-28`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
cdn.prod.uidapi.com R3	`2023-05-18` - `2023-08-16`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-05-28` - `2023-08-26`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-27` - `2023-08-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
esp.rtbhouse.com GTS CA 1D4	`2023-05-17` - `2023-08-15`	3 months	crt.sh
*.id5-sync.com R3	`2023-04-18` - `2023-07-17`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-06` - `2023-09-30`	a year	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-04` - `2024-04-21`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
casalemedia.com Go Daddy Secure Certificate Authority - G2	`2022-12-13` - `2024-01-13`	a year	crt.sh

This page contains 23 frames:

Primary Page: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Frame ID: 9908B9E591037A409D6C3AE9C6A75A3A
Requests: 132 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=350&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Frame ID: 08038B11300A739D12EC22FF634CF0F3
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230612/r20190131/zrt_lookup.html
Frame ID: 7200EE077E0FCE79A6A6BA1729AEB3F3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4980920491730550&output=html&adk=1812271804&adf=3025194257&lmt=1686686842&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686686841833&bpp=3&bdt=371&idt=262&shv=r20230612&mjsv=m202306080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8461998749246&frm=20&pv=2&ga_vid=1716734272.1686686842&ga_sid=1686686842&ga_hid=1618440501&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759842%2C44759926%2C42532280%2C42532278%2C31071755%2C31075259%2C44772268%2C44788442&oid=2&pvsid=197147639289706&tmod=89671707&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=292
Frame ID: 25E12CD076979F21EDBA0E87DB4069B1
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=heroinvesting.com
Frame ID: 174A0EC3365AEA2069A4C8185D468A96
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 465CE9FB6B55A13C77A5132B03F9C7C7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 20CF3E2E35CDF7A912F910BE6C55C5E4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F278BA5736F45EFD19259A00ADA32B2B
Requests: 2 HTTP requests in this frame

Frame: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A26BC8D594B9663C527D33F4B9734ECB
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/032305252018000/amp4ads-v0.mjs
Frame ID: 70C5EFE45D35AA120FC76EDC750E6520
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/032305252018000/amp4ads-v0.mjs
Frame ID: E00226691C06C152FA8EC934D4114885
Requests: 15 HTTP requests in this frame

Frame: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 01274DD8C7B3CD57BB894F6F7AD5DE4E
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html
Frame ID: 37C5C2B541EE7620CC6ADF869639F79A
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: DC307024A1EF81F0AD1ED27F9453A877
Requests: 2 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: 864B506618575327CF55B11D5AE4F393
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: E8A5BAAE71C62FEDC2FF27D5C74A1622
Requests: 10 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dUOeOqXmSr7AmkrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 24DD9B7670ACDE976A05A9E9D2E5ADE6
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: FD6C4948F736C73D2C24521BB0E8D18A
Requests: 1 HTTP requests in this frame

Frame: https://sync.kueezrtb.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 412A81BB3BE0AFDCFB6EF43E060EE99D
Requests: 1 HTTP requests in this frame

Frame: https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: F6A39E78E511F581B7A584FC28466A33
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUK6VG18&prvid=2012%2C2034%2C2033%2C2055%2C2031%2C2030%2C3020%2C251%2C175%2C450%2C2009%2C178%2C233%2C2028%2C3018%2C2027%2C3017%2C214%2C236%2C237%2C117%2C459%2C70%2C97%2C55%2C99%2C77%2C38%2C2022%2C3012%2C3010%2C141%2C262%2C461%2C222%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C9&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 21CF9A3A063E4D7E0470515D6358B49B
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 1A6B9D119D45C11A0175FAC264AEE1BC
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: C0E1EC16D8BF396BC3FB8D74CA53661E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ridiculous T-Shirts That People Actually Wore In Public

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

/_nuxt/

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

230
Requests

91 %
HTTPS

40 %
IPv6

62
Domains

94
Subdomains

81
IPs

7
Countries

5671 kB
Transfer

10276 kB
Size

36
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 127

https://oajs.openx.net/esp?url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&rid=esp&cc=1

Request Chain 131

https://gum.criteo.com/sid/json?origin=publishertagids&domain=heroinvesting.com&sn=ChromeSyncframe&so=0&topUrl=heroinvesting.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=kfeHzHxiMEJsR1lBbEtncUNDM1kxR2FYeVdPVkdReVpaK3FTS3JYSzRJQzFiQm9Ca3ozcjhYNGdRQzNNdHJUVkZlVDVQcVBmQjVQeENqQTE5QStmQ1grdk5MZ1oyOERPY2dJS2h4WUI4UG1XYm9sT2xEdFpvSW9pa0YzM2hMYURUWUdETzEybTZFelFuL3c4R25rTXRaeXRCa3pUR0MxcDd0U2t2eHJaQis4eXcwSmtnZEZhNGVQdXcyS3NEYWZhNzhyM1psNXM4enJneldYZTJ4SzBUdkFRMVFQR2tuR1FEKzVNczVYTGs0QlJQL0FTWGNSTnBUM1ZqWXg1L21Wd01oSXpEZFRpSThIVGFBTGk0cXlyVmMvWmNTQ2doVitTL0dlSmJxREh1Y0FPbE1WYz18&cppv=2

Request Chain 182

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 214

https://x.bidswitch.net/sync?ssp=themediagrid HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=themediagrid&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=5133329526150655795&expires=30&ssp=themediagrid

Request Chain 217

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 218

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ZC962WpHSeSE4luPNc_cHg&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=ZC962WpHSeSE4luPNc_cHg

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEH634KihNapE7nvEkvgEsqs&google_cver=1

Request Chain 220

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=TMe5_PolR9a_duR3Spr5nA&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=TMe5_PolR9a_duR3Spr5nA

Request Chain 221

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/byeMx9Dpie1m5_1efoXe7w?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-tw3qYJJE2oIaKqAC4m6ktdGKI2wljvRivl3ebg--~A

Request Chain 223

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TElVUFNQMDMtNy05QVM3 HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHas1gaU7RUBDnRtn-3IGnI&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElVUFNQMDMtNy05QVM3&google_push=

Request Chain 224

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIUPSP03-7-9AS7

Request Chain 225

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YTc5MzY2NGI0YjJmNzgzMjc4NjU4NjE0YzY1OWMxYzI4OWFiZjU5MQ

Request Chain 226

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gpp=&gpp_sid= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gpp=&gpp_sid=&dcc=t

Request Chain 227

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZIjMfiQvwm7dP-XNmowNqwAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELE0jwXKnEQQJ10G3kW0ifg&google_cver=1

Request Chain 228

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEJC72524Kms5akviSYZsEPI&google_cver=1

Request Chain 230

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7120085832640865267

Request Chain 231

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=&verify=true HTTP 302
https://pr-bh.ybp.yahoo.com/sync/casale/ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB

Request Chain 232

https://sync.adotmob.com/cookie/indexexchange?gdpr=&gdpr_consent=&r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7Bamob_user_id%7D%26expiration%3D%5BEXPIRATION%5D&gpp=&gpp_sid= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=

Request Chain 233

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D46%26external_user_id%3D%24UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5396605702580989797

230 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/ 176 KB
34 KB 552ms
452ms Document
text/html 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1dbe64978c6dabc347382bdb8aca3e556b822618767e6ce2685fb9453da7a33

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 7d6cf5946eda9c0a-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Tue, 13 Jun 2023 20:07:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2E1ot2lG%2Fq9cP7VdTvuok%2FFd2sNbvxrtOW7f43RpVyRjlcmsWAblZX%2F14fvjeX0yf37xJCBHGWS93FbJCFoEJ2s8lJZBlDoChFR7CeRZHmtgCcEBRqzb2Uv%2FJVTpiPqe88APkB%2FVO1bFP0kdx14Igw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: total;dur=108;desc="Nuxt Server Time"
vary: Accept-Encoding
via: 1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
x-amz-cf-id: JSk_G05QXEZRRjDY1LyNkxXuboOKrOAgPMEsp8G-yTwxpiC2niM9pg==
x-amz-cf-pop: FRA60-P3
x-cache: Miss from cloudfront

GET
H2 200 adgarden.js Show response
adgarden.market/js/ 8 KB
8 KB 319ms
224ms Script
text/javascript 2600:9000:223f:ca00:3:6d3c:dac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adgarden.market/js/adgarden.js

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:223f:ca00:3:6d3c:dac0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx/1.20.2 /

Resource Hash

1aa80730e2733b6a9bb8592292909ca4a1b9e19c80e82ed49f6ef3d0de3536c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
strict-transport-security: max-age=15768000
via: 1.1 ffdf2668ac264ec6d8784ccc7453073c.cloudfront.net (CloudFront)
last-modified: Tue, 30 May 2023 19:13:50 GMT
server: nginx/1.20.2
x-amz-cf-pop: FRA56-P5
etag: W/"1e34-64764aee.2009dc5f"
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 7732
x-amz-cf-id: jnExukTOQljH8M8UuHsMEFvLzbYWenHKLDDpXq1mt_nNnr0nsQTATQ==

GET
H2 200 1cbaf35.js Show response
heroinvesting.com/_nuxt/ 4 KB
3 KB 48ms
46ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/1cbaf35.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71571a0733ef74c7ca16f4ff98ccf562eb375b569d8d0c8fb66ac5bd4afd9165

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 7395d1816622756cd6753f5e1281200c.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 62510
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"1035-188b21a0593"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2%2B6l%2B1yxjXV59U%2BhAs2VQHIIgqCUvv5FwzE4XdfHGlFPrp8Lpfj90nov2vy9lsTf8OaQEmUnUuA9w9u%2Fz3YLI7zFFQa%2FDFzzHDINaiFe7u4JR%2BVnRGXsZ6sGKxElxKQOWuDEQEL5Oc%2BdEHptWhwPsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975ae99c0a-FRA
x-amz-cf-id: Nzk6QfAERg-kpcJVao5oNMvd1wsy4dqWDi4LTGODqAs1c3BdX1EJ9Q==

GET
H2 200 8dd7f65.js Show response
heroinvesting.com/_nuxt/ 191 KB
66 KB 68ms
66ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/8dd7f65.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4679bfed42aadefbd62796efe47cc8ee0664baedf88fcff17b72473fe57967d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 5b6e22c950501920595c86fc25834582.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
age: 64728
cf-polished: origSize=195171
x-cache: Miss from cloudfront
server-timing: total;dur=0;desc="Nuxt Server Time"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"2fa63-188b21a0593"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJleHjwQc6PtQknxNNcNMhi2rYsGIdUUOaPzMB%2FjW2tCIQixjBLKtUAbXSqyqK7GGHaHfYyTbKbbyPfDsi0HlEX7iUNrcJnR5laziJ3cQe%2BYWsV9HAG9d%2FfCLwr7aV4dUyvtUOVCs8vCQC281L%2Be7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975aec9c0a-FRA
x-amz-cf-id: HDxOSQge96Bm3stvIr4k8qF10Wd0gS-2DEhK8kASFQjEfxvWT199Cg==

GET
H2 200 e3fef0e.js Show response
heroinvesting.com/_nuxt/ 480 KB
126 KB 89ms
87ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/e3fef0e.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e708aefb4d99fef19220a1c3f01261141f52a2010f220210638a8b549170ea30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 62510
x-amz-cf-pop: FRA60-P3
cf-polished: origSize=491058
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"77e32-188b21a0593"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tNs7AkbDpG9zQOB6ozZ%2B%2FY4HlEd6c3JVqxLduzbGUg%2FOCsW8CXJWtkRKjbe3fJpPpJgB3L7oyyVsNqqlbijEUjzPmxrmzJcFkjuvsXu%2BPJ8nuJ3K9hQpAM%2F1gXnJ36YCQZ1VYsZU1wchZ1x4USZ%2BvA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975af19c0a-FRA
x-amz-cf-id: XU8ksMLOc7VZn0Rkcbr_wVSlZ4gqzuxAYzIkZMQt1iyfqE90Be1a8g==

GET
H2 200 83acf36.js Show response
heroinvesting.com/_nuxt/ 111 KB
30 KB 57ms
55ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/83acf36.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a24fa569e495d1548229c0f27bb95c3b25f0ac563050d123493944e21acd8e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 62510
x-amz-cf-pop: FRA60-P3
cf-polished: origSize=114046
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"1bd7e-188b21a0593"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PuqXCx8XmcDWukJGIF2IonuXRe0xh2ZQgKHe0RbtpoNGeFV9Mxu9hOKfv%2BvcF63wt0JrTnRAnwcBWOptTinDJngM4twLMNK5SrbDLKi5i6A4plZTbVNgp5F9S%2FloSgr1DJoOsN6BvcBQ1EzV0z3txw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975af29c0a-FRA
x-amz-cf-id: fzn3zkVDDPu0DUY4bc8fdny3jUgo7sEPLcMGkCZl037vAXcPA8Ywlw==

GET
H2 200 e293610.js Show response
heroinvesting.com/_nuxt/ 4 KB
2 KB 50ms
48ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/e293610.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dd2f1dd1dd1508454e914b6091c70371c9377ad7788ec62f7a21b55936c6c00

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 6fc439c8bc0a64a7ab978ce699795274.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
age: 64728
x-cache: Miss from cloudfront
server-timing: total;dur=2;desc="Nuxt Server Time"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"1118-188b21a0597"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfVYj5hnOwFeOxOQPKRCNpDwZFmcMFgORESK7Xv2MYj86us6L4rCS1tfXk2krZTaSEjsPnpx%2BNTsR3mTzZWYwNNHRMW%2FhIS9kWpfRWvAMSwyoSodK2wtDLWwCiQY25HFE%2FP3x5fqQFFIu1zRzAaLWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975af39c0a-FRA
x-amz-cf-id: yzM0Q1i2NCETT-9Au1J362f6-C8rke4yLZW2zkjaZdGOcRM4Sddq9g==

GET
H2 200 488f679.js Show response
heroinvesting.com/_nuxt/ 2 KB
1 KB 50ms
49ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/488f679.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2aeecc98f944c3f902958e47e7999963e1d7b8e981d42157349b6108ba533f51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
age: 64728
x-cache: Miss from cloudfront
server-timing: total;dur=0;desc="Nuxt Server Time"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"92a-188b21a0597"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NMc3gtyapERdwyikHnTgFFwxs7xq62ogHELWYEqbWYH3lysd8H15MMLGUj5Zdhi95wNmwCZa0O6LD4HKchCyDz1eUKNFFNAK8DrXf4O%2F0%2FxWZtHkVfr9ra7ZsGInvuF%2BfFPQ1PI9ySUtHjsL6Uzzvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975af49c0a-FRA
x-amz-cf-id: 2W8kIbhrnxdU_8uyvVeTXGfbbIqLEQW2uiUru2sHP-EQQLQ6OX7eug==

GET
H2 200 ab3e8e8.js Show response
heroinvesting.com/_nuxt/ 5 KB
2 KB 55ms
53ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/ab3e8e8.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6400e6f9223a7f8e652dfb8a3f0398f3be1916687970b235f8a561555809c419

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 39457
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"1397-188b21a058f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=85mUQhQEjca%2BBGx1nPlETEG0Qy07E8qtsvJ6%2Br%2ByU7aC1%2F8kPoOv%2BjQN8dYd%2Fn4ipIUfyOdNZJNekhx0OleaW6C2QYO2FUt1eMrvkbKyDlSHXnycTFV7RS%2B7WNz%2Blu3I4KH0yYnEr80ngulj%2BggSKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975af59c0a-FRA
x-amz-cf-id: YaGL6sJ7by_gk7KGX4TEeZveL7FUhoZUiqRJBE4NxiiyNOKKFuxS2Q==

GET
H2 200 576677e.js Show response
heroinvesting.com/_nuxt/ 13 KB
5 KB 52ms
51ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/576677e.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a530bb227389815a9479d21027750dd9c31bc10e2a19dea7592efb58ca7111fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
age: 64728
x-cache: Miss from cloudfront
server-timing: total;dur=0;desc="Nuxt Server Time"
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"34c5-188b21a0593"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8kZ2V0xh2gmOnpLD3ruK%2Bgc2r38aFC3zS2ZAkOY9oxVI9K158zbtWczex%2Fd6S6dT4DWsWlZvoJHdFYla5SSXUYdLuNwdJiU3aprd84Gci4%2Bh5oJmVwxCMH7GSsLhczpZNbh67zQa9i60gJw4lCwTKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975af69c0a-FRA
x-amz-cf-id: PbPX_1v3blUsoRSllTR9ZZwRxw9dxUBANzF057fcJ409FqGkPYPk0A==

GET
H2 200 007fc2f.js Show response
heroinvesting.com/_nuxt/ 2 KB
1 KB 89ms
87ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/007fc2f.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8d50e39586e7ea19e91c343d209275b01db51643898a13ccb8c10bc531c9585

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"722-188b21a0597"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NfKWnRCttcNo3l3arItFGazVL59QqSNucu6xCASBShOj%2BnOYaqcXOabMroQhCIH63fIb4rmUdbHR8GeiQggTpmmWs3Hw7%2BlXgNBKNAa0H7HJ7sZ6OcISsJt1HvMGTkTL4r9IotQCsrH5bv%2BBVW8kQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975af89c0a-FRA
x-amz-cf-id: IS2HkQrAzV0Kxy1pzBMlG9zGeEWGV3K4IvK5LmaTYXj_9ctuv6x19w==

GET
H2 200 d0c6854.js Show response
heroinvesting.com/_nuxt/ 1 KB
1 KB 100ms
99ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/d0c6854.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f54143ed26b74a0dc3937bbcc86a3d4a97c2e19803af199a381205fc1422e5b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"596-188b21a0597"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6RMxSWfqFqcNmB3maQ9w21PcKsYJi9imA56UQC6iQI2gadgQuSFlq%2B1oNv8hjZbaTklTI2MApcC1Jp6COhGd9yzixnF3ybIAJP4Opkk8%2BxTscuBnCFty5PCyYbgLVJw59q0Goa%2Brrt87O22pRE0TYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5975af99c0a-FRA
x-amz-cf-id: OagjSfQZ9V0fSYUegUKEzKohgJVyGFA-jKzMRRWxW9sbzpYMpsrRZw==

GET
H2 200 92cb60f.js Show response
heroinvesting.com/_nuxt/ 3 KB
2 KB 120ms
119ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/92cb60f.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f16cb52e292b59fe0828854431a3b5ff0a172bd11e43e3e6eec0a63380a97cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"b82-188b21a0593"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dt8yYaS5kmSTX4c71mSwVqHKrfJalfXdCJ5szQfHPUaiTQEp%2BJWjZ2%2BjsBtp0ySiUkShfcNEz6XNLY9ZHSJND%2F5wavJawSqCkpyHw5rnbPvF%2F5fHJNhGTxUJ%2BNuocePJq4305QP%2FRqttDybLqratPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5979b369c0a-FRA
x-amz-cf-id: 8-wM6eu59T_Sxf6ksd7AZO6O8VaW1JeZDaEZyuz4kL25wwFz7d2iQA==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 137 KB
47 KB 219ms
123ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a0dcd87c40869427f0c1f10c486fa9eb227da63acfb99f07c2dd5f1d6d778c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47410
x-xss-protection: 0
server: cafe
etag: 2164461956247748936
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 13 Jun 2023 20:07:21 GMT

GET
H2 200 heroinvesting.61dbeee.png
heroinvesting.com/_nuxt/img/ 23 KB
23 KB 84ms
84ms Image
image/png 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heroinvesting.com/_nuxt/img/heroinvesting.61dbeee.png
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 288d1aff6b40d91889a5f0efc906a5316d3f732641f32462f2ec4dd854f55981

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 c80ae6bd97b709ed6e4747f0d5ea4efc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
age: 62510
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 23433
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"5b89-188b21a058b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y0d%2F2TUMNZhywK9Q%2BZ%2F8LkweZePPXhjl8erIZ9BU0YiUCl9WztsEb3pT78h5MkAxT821Q9AzUnrpW53U%2F69lRv00e%2BxO9fXGP%2FlX3OVSB7Tpf5ifRnhDL8GG5ZTkzpzlPIcJenx6TQI2v43EYFJc8w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7d6cf5979b399c0a-FRA
x-amz-cf-id: 1Y1u658Nct61uTFt-LQ4RUV_YXHlaWnq9yNP-Ekh74BP5CW8t5YPSQ==

GET
H2 200 f9718382f4ac8b8ecab5d3b19d3da446.svg
heroinvesting.com/_nuxt/ 13 KB
6 KB 83ms
82ms Other
image/svg+xml 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/f9718382f4ac8b8ecab5d3b19d3da446.svg
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9b5d62445d48f75234b683670ffd3f95f5c7240decae3146a38f0d19abd76dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
age: 62510
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"355c-188b21a058b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EL7Bs3eGvDGGvX5O9GS16nyJ7QlmQGWdlIhUPlfQYXj7FwtlIvOJR5oATugqhfmfEdAzs99ci%2BQoXGNtkteA2MaHB0FHOL4Xr4gmYx8TaVRCwmozQ3AQGMPkxoyfK5bUjbtlVVSPEawTWBptYfgtsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 7d6cf5979b3b9c0a-FRA
x-amz-cf-id: UZLc_1w8AUKFXqOMbJYkZe4qJWdUrgmFJ1ECDLboqoGOXMecDIi-0g==

GET
H2 200 Ridiculous-T-Shirts-That-People-Actually-Wore-In-Public.jpg
cdn.heroinvesting.com/content/images/2022/10/ 129 KB
129 KB 622ms
598ms Image
image/jpeg 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.heroinvesting.com/content/images/2022/10/Ridiculous-T-Shirts-That-People-Actually-Wore-In-Public.jpg
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 04937c00441e6ce29b3c94e9ed8af987c537cc1c1b3879daac6c45a94301e82c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
x-proxy-https: true
alt-svc: h3=":443"; ma=86400
content-length: 131881
last-modified: Mon, 24 Oct 2022 22:35:14 GMT
server: cloudflare
etag: W/"20329-1840c22bf86"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJL8Hud%2F1qEE0sI7WcWtc7eehWJVA6lw9QX6ll%2BW%2BAc2T4rDjXIiAQ5mDJTiQrQnV95QqVJvWyWWPSQ%2FCL26Nqg5YKZphe1N7dXHMJ1W6zGoF76f6HmF3qpIA7ZgUgYt7CfDmN0qmnUF5NKLi2fR0czBiz0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7d6cf5979b489c0a-FRA
x-proxy-cache: MISS

GET
H2 200 roboto-v29-latin-700.woff2
heroinvesting.com/fonts/ 15 KB
16 KB 80ms
80ms Font
font/woff2 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/fonts/roboto-v29-latin-700.woff2
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Request headers

Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Origin: https://heroinvesting.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 5492e1c9a06f2320204e7fcc383cff5c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
age: 62507
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 15828
last-modified: Thu, 17 Mar 2022 00:04:00 GMT
server: cloudflare
etag: W/"3dd4-17f95303b8f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xnp6GOJRX%2FwsuqUSM7P6hfgcyXNoxuCjB7C5%2FNqCF%2Bkfe8av%2B7FAVKqCus%2FmLYhsaGc%2B7cr1zyvuhG%2BTeyK%2BplDjQUdOFetVswnGQavzUMWMcz698xfumHVWMNOBlvsa09OI7D0tGfLsqr38lq%2Fw1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d6cf5979b3d9c0a-FRA
x-amz-cf-id: E7iVyMKQdkI9XTrMl7loaimaSXEYwVMOgUlml433elBAm6YO-m1hIA==

GET
H2 200 roboto-v29-latin-regular.woff2
heroinvesting.com/fonts/ 15 KB
16 KB 81ms
80ms Font
font/woff2 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/fonts/roboto-v29-latin-regular.woff2
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Request headers

Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Origin: https://heroinvesting.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: FRA60-P3
age: 62507
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 15688
last-modified: Thu, 17 Mar 2022 00:04:00 GMT
server: cloudflare
etag: W/"3d48-17f95303b93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mfy4pAyURGPSmYhdZc8hP1ehjd9yONbUY7m5hAudifQ0l3JBwDMX%2BfLVVMssSHYsYSh%2Bln%2B1Qg%2Fb0hvolexvfEXsJjwknAKaJXYodcw1aAacmOPfmFIUolEuvoxlQoNBCHNygRlxBNDX0EftJjcfUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d6cf5979b3f9c0a-FRA
x-amz-cf-id: m6hKT5uk6bRUTqUBhAk2qk9IvPtFGFvkC9ulIIin_7rAMnzFYw4RqQ==

GET
H2 200 vRL9rGsaHH7Mx6NDN Show response
vrl9rgsahh7mx6ndn.ay.delivery/manager/ 242 KB
19 KB 272ms
69ms Script
text/javascript 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager/vRL9rGsaHH7Mx6NDN
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06ff55e11ddf5e27c5be8316edbd2d026b457b6d398399959e0c2a675a65bf0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"e105d019c028adbd59cefe2f-2.0.0-hotfix.1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HIKHurTAlA4OpNEThzKWVhl%2BsylOFRJpDn9Ew6AcWga5JQbSc5Irg8PIulfVSHrdWhSBDm0sLh0SYbtJczJOKwJ1i0w%2BhkuOeUfLgd4AtqseK77%2BRzm1eLnihrPakTtIeNZG%2BQUxBJEhG3laqqk%2BARTkB6kUesuczYZDoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=900, stale-while-revalidate=3600
cf-ray: 7d6cf598c87f8fd1-FRA
link: <https://securepubads.g.doubleclick.net/tag/js/gpt.js>; rel=preload; as=script, <https://vRL9rGsaHH7Mx6NDN.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod>; rel=preload; as=script, <https://c.amazon-adsystem.com/aax2/apstag.js>; rel=preload; as=script, <https://vRL9rGsaHH7Mx6NDN.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS>; rel=preload; as=script
alt-svc: h3=":443"; ma=86400

GET
H2 200 client-v2.js Show response
vrl9rgsahh7mx6ndn.ay.delivery/ 72 KB
24 KB 253ms
50ms Script
application/javascript 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d3e219d4662d0cd3202c5240047ae0300298d9f2ae877bf558eca1a633b7cd32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 18 May 2023 16:21:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1387
etag: W/"64665082-11e7f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Op8oTBXFk%2BI1cQy9xPDeiZxPkAEmLyeS8K4C11MBsC0NYtUBdji%2ByoKMi%2Fwe%2Bk9HzdXfhc8r8I6DyTzePm%2F%2BO4pDUF5%2BzBNEyEzSlgtvbnxrxue79fKAItKMBM4f2H5zfXB2veULyi%2BjLzeLQUOxQH1VX8iWEQuq0%2FJZZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 7d6cf598c8808fd1-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 vwpt.js Show response
static.vidazoo.com/basev/ 213 KB
52 KB 250ms
47ms Script
application/javascript 2606:4700:4400::6812:2bda
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/vwpt.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2bda , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb79805133aef4594b38ad90a4670b47db4f2a7cc8edd46c38abd4f40432f75b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: V3EYT54N224FX701
age: 15491
x-amz-server-side-encryption: AES256
content-length: 52569
x-amz-id-2: iDcWiZ3YYFJA3cvjQ4giHm4qdtdvtAuPQrfJQr1B7fWWlCcEacMu3L1C25jPrWksgKG6X1ddYKk=
last-modified: Wed, 07 Jun 2023 15:49:04 GMT
server: cloudflare
etag: "030a59dbceb1b8cf3f20afa728f90510"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d6cf598cd829170-FRA
access-control-allow-headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires: Wed, 14 Jun 2023 20:07:21 GMT

GET
H2 200 latest.js Show response
static.kueezrtb.com/ 257 B
514 B 251ms
48ms Script
application/javascript 2606:4700:10::6816:227b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.kueezrtb.com/latest.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa8bd32342b76da9f3ee296fa3f2ef4a8945997a532de65a027cc4b20d5be89f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 26 Mar 2023 12:27:20 GMT
server: cloudflare
x-amz-request-id: RRHNRCVQ8QPKH925
age: 3642162
etag: W/"110a74acd7fdbc0c2a553dc3568785bf"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 7d6cf598c8cd3a6e-FRA
x-amz-id-2: F33TILZggpteW31vEQVfbgeq4MgOhuu6i9iH2NPRfyvWRkihp/pI+1/wfGURW7ahlh/aie8YhF4=

GET
H2 200 image-6.png
cdn.followsports.com/content/images/2022/10/ 527 KB
528 KB 250ms
48ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.followsports.com/content/images/2022/10/image-6.png
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: b4a4a64679fc9709481ba33ab544b212ef552eba333f8c837e3ae59d9017836d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3801
x-powered-by: Express
x-proxy-https: true
alt-svc: h3=":443"; ma=86400
content-length: 539386
last-modified: Mon, 24 Oct 2022 20:47:15 GMT
server: cloudflare
etag: W/"83afa-1840bbfe113"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2BRrJVdxjmlXBLZdAwqFfEiSI0MLAUet3VTaQukoRd72sK1rHfjH7OEYBK53T81jm%2F%2FjRpDY%2Bv7PkiWtThlRRlm8tb4TZwMbksWJE4yrp7ylve0D8549XTU24rZe6%2FjrH65wO5k%2Bbt2eQyZajP%2F1WALpjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7d6cf598ca389b74-FRA
x-proxy-cache: MISS

GET
H2 200 image-11.png
cdn.followsports.com/content/images/2022/10/ 964 KB
965 KB 795ms
594ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.followsports.com/content/images/2022/10/image-11.png
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d0f1f3492ce17c5f16bd1eda86609244a311e799cea08adc47b0218336c919eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
x-proxy-https: true
alt-svc: h3=":443"; ma=86400
content-length: 987091
last-modified: Mon, 24 Oct 2022 20:48:00 GMT
server: cloudflare
etag: W/"f0fd3-1840bc091df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dojSSDNnfKmjQqSahVXmLpa1bCtzAPinn1%2FTZ8mcuLBD%2FCUFAeYi7p2vtvly116mFEjMmaeZKufoLj6rgwt75IWxqo%2FOBf93G10euq8zWWNsA%2F4QS0ai3s%2FJdrPT3PbGg%2FOxQJJgRu%2B8F2M3SN0vxUHCGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7d6cf598da399b74-FRA
x-proxy-cache: MISS

GET
H3 200 06ba485.js Show response
heroinvesting.com/_nuxt/ 17 KB
6 KB 48ms
48ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/06ba485.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/1cbaf35.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a06c1b303ec1451222d955862c3aec28433c05d3bb7f5c6aaba128c129b489e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 d262e104d5d9dd6a4a52f090bdf9395c.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 43816
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"43be-188b21a058f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jTEfbIvBqwd8GB1fVoQg6cbCrpHDJSnyeCuBuguxzzCohC0Ezdy1iqPHb6iaO18Fklsfcdm%2Btk%2BtU%2Bm0taM5vHk%2FsMT5AevZREwIMK7fC%2FsqPFO80EOrQ4Bwb4L46Vdlsb%2FXUHGL3S40YtlowI7QcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5988e881e20-FRA
x-amz-cf-id: bfQ_RbOpRVQ6YHpv9TKlvYLJDL1rE_WgjKpsVjHDPZtn09FK2jM3pw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 231 KB
82 KB 151ms
62ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/e3fef0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0fa29d443f4c5382f21c3db10adb850a58c71fdbd00fc2f1e46d552665056541

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 83247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 13 Jun 2023 20:07:21 GMT

GET
H3 200 6e31d68.js Show response
heroinvesting.com/_nuxt/ 22 KB
6 KB 48ms
47ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/6e31d68.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/1cbaf35.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc54137ac38858d677a50d0dd368b00154d7ae5db61d167fe99f7cea26139792

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 6ae82cc0c8a39c993134c2be90b4d120.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 43815
x-amz-cf-pop: FRA60-P3
cf-polished: origSize=22026
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"560a-188b21a058f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CkEqHTIj6pHauN8kA%2BX%2F2dkzOT4rQs974FkozarO36%2BB8mCvdBIHtract6Q4vlSi5KZUvZpbl4M%2FwYRptT2ugmbGBb1EEZLnAgTnr%2FwUqym3l98IU2fYZ%2F8gHP2L7AbFQ9PznlmQKhdRtBRz9RpGxw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf5995fb91e20-FRA
x-amz-cf-id: zB6YZbHqmMEvSBDd7KsI8OM12J3i4xXy2nKPB5CkWb4FsxzLa-iJjg==

GET
H2 200 page.php Show response
www.facebook.com/plugins/ Frame 0803 38 KB
15 KB 197ms
116ms Document
text/html 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=350&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/8dd7f65.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3c3a2cb3ae1d3e9f5bb45433cc825e215891360b815a9dd065dfef7a8f7eb29f

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 20:07:21 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster: ?0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma: no-cache
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: G8Iq8q4kHmvBqrP4qNZMSlHJDS4fFjCsxnJja7302Jm1MlgHaspQEf1OVWD3KY88p81BqE/YRYzqE+Os8LL/0g==
x-xss-protection: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 77 KB
26 KB 360ms
228ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1db0840b5d0343d68b954a2f8fcfda1870e8ae77e31dd77a0f14fc679a04dca4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25655
x-xss-protection: 0
server: cafe
etag: 826 / 19521 / m202306070101 / config-hash: 1873292877179224783
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 13 Jun 2023 20:07:22 GMT

GET
H2 200 yield-manager-script-v2.0.0-hotfix.1-prod Show response
vrl9rgsahh7mx6ndn.ay.delivery/manager-script/ 92 KB
26 KB 83ms
81ms Script
text/javascript 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5365420f50a9e1851a0f14142c17fe1b445a648dbcd69d8f90a025b7ab303df8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cek2PxVkYp3yWXGOZe1etMweqVJv5qm224KrboC1nywBtFfo3rYNv3AUs1cjNEtxPwkXhlZOZBHIUw%2FG5OviWVo30HzDdrsPIMTaD%2FIxKaMnhzANnyaTMENPvvKjJfQKSF36v6KdeN62tZJiFA2P%2BGr8jFU3TJP23LhvGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 7d6cf59989698fd1-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 235 KB
57 KB 144ms
46ms Script
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b17f4c082b272213f4da075af5c73893db6c70f060c8441ff6e70f7251324ff9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 19:19:26 GMT
content-encoding: gzip
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront), 1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
last-modified: Thu, 08 Jun 2023 19:47:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA2-C1
age: 2876
x-amz-server-side-encryption: AES256
etag: W/"22e740da4e2336def33bbd74ea6796a6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: NOq_DW7KZy8-DpgHX1uiW0SKbQq5OY4eQXjt-tvNEag8Ts-L5NDesg==

GET
H2 200 vRL9rGsaHH7Mx6NDN.deploy Show response
vrl9rgsahh7mx6ndn.ay.delivery/manager-script/ 454 KB
140 KB 76ms
75ms Script
text/javascript 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fcb32e14293f387665aa17152d82480d6288b5834e3316f4aaf8295e9dc40ae4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YYH9KnE50w91EbXDNeUhPwxDt%2Fx%2FUkxK%2B6f82OHB8NGqkonFiNeEoguar%2BF7ZeWKF0WstTQe8%2FEO9zC1GLwY%2BkiHslcUkHb8%2F083KMYwG9KVeGAWfctyqDtZiXbR8p7BV54mMWzsEbB5U68BkE%2BTa%2B7vgNlCaGxoSUWW2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7d6cf599896a8fd1-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/ 352 KB
118 KB 115ms
114ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4980920491730550&plah=heroinvesting.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d2198153f7742d51489d9d7f907f73a79994d8aa7c6d27fed3004c3ed9461dfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120776
x-xss-protection: 0
server: cafe
etag: 3022748660836880019
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 13 Jun 2023 20:07:21 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230612/r20190131/ Frame 7200 10 KB
5 KB 127ms
39ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230612/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 83742
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4540
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 12 Jun 2023 20:51:39 GMT
etag: 15057649708203361565
expires: Mon, 26 Jun 2023 20:51:39 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 latest.js Show response
static.kueezrtb.com/js/ 199 KB
84 KB 55ms
55ms Script
application/javascript 2606:4700:10::6816:227b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.kueezrtb.com/js/latest.js?_=1686686841855
Requested by: Host: static.kueezrtb.com
URL: https://static.kueezrtb.com/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 520c11617ccee88cff885751187789d8f6e3ba46035410d1508948417dccb22b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sun, 04 Jun 2023 12:08:36 GMT
server: cloudflare
x-amz-request-id: GVY0QXQBR4MTQ3FR
age: 806286
etag: W/"fc63ff16992c051f6f8936d70da80025"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 7d6cf599b9df3a6e-FRA
x-amz-id-2: oiPh7sLj1ujyFxY5aNNkAt5KnU6dXAQuKJntnPdV3KhhhsR2oSo+yRr3wv2GlYS2qBMXOuB8/v0=

POST
H2 200 pageview
api.assertcom.de/ 0
310 B 153ms
67ms Ping
text/plain 94.130.203.123
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://api.assertcom.de/pageview
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.203.123 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.123.203.130.94.clients.your-server.de
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
access-control-allow-origin: https://heroinvesting.com
cache-control: no-store, no-cache, private, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding
content-length: 0
expires: Thu, 01 Jan 1980 00:00:01 GMT

GET
H2 404 linreg.min.js
vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/ 0
0 55ms
54ms Script
text/html 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg.min.js
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H2 200 linreg_da.min.js Show response
vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/ 97 KB
28 KB 82ms
81ms Script
application/javascript 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg_da.min.js
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aeea68c06cdec239e1ed43620be76c9d9bd73c61aa14c174c4d028f2790ffe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 13 Jun 2023 12:07:16 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 91
etag: W/"64885bf4-183b2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5QPTgIngdnIfi7x%2Bv1GBLVi6NRN4Ds%2FrqFrm0y%2B3eTEtNdjJzbANJHbM9IHIPrc6QZ2X%2BqaJQ%2FuAT7BYmQOLZS3TH4QbXP9D9UmMItNrOWVzLAhwa6TExOtV%2FZ9ihZQHqmV7C9hQczCfY2spuPsHuX07FNKeUJ8xrsRQ%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 7d6cf599c9a48fd1-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 404 forest.min.js
vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/ 0
0 54ms
54ms Script
text/html 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/forest.min.js
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H2 200 ivt.min.js Show response
vrl9rgsahh7mx6ndn.ay.delivery/ivt/vRL9rGsaHH7Mx6NDN/ 87 KB
36 KB 82ms
82ms Script
application/javascript 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vrl9rgsahh7mx6ndn.ay.delivery/ivt/vRL9rGsaHH7Mx6NDN/ivt.min.js

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4488a4c62daaa5db53e75de62822fdbc8232a42ff77c9d4531ca06643e3ce76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 198
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 10 May 2023 19:03:48 GMT
server: cloudflare
etag: W/"645bea94-15c32"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0UYx%2BEIpHPh%2BzKuHb7hwfmaZ34MnTn%2Fq%2FFPNv2elnnn%2Bpuks20glmBlDz71BSJbCoQKBzXAQQErAUI9HBOv0xNK4HILW2cMViePi2ocoa7M5Iu0WN%2FvzzydEei%2BR19bWzXzpk0i6GFjJDaEwWeZVAcPkl2JEQCT7ci7HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-cache, max-age=0
cf-ray: 7d6cf599c9a68fd1-FRA

GET
H2 200 tcf.js Show response
static.vidazoo.com/basev/ 7 KB
3 KB 48ms
47ms Script
application/javascript 2606:4700:4400::6812:2bda
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.vidazoo.com/basev/tcf.js
Requested by: Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vwpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:2bda , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b5f1a61dac01463cc815eae26ba920e53e97e5f8a87bef18e49702f02f28df3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: gzip
cf-cache-status: HIT
x-amz-request-id: 4T672QSWZ8QKA77G
age: 35793
content-length: 2380
x-amz-id-2: q5MoHIYAc1hO+VDEZLRwKJd4BBOrNENahjaNHmekc/0A94M2mmwo4EMgzRYwur1w83gjfDy++4c=
last-modified: Wed, 23 Feb 2022 14:20:43 GMT
server: cloudflare
etag: "924608c9cdd08db4aff4aaf090e1d13e"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d6cf599ceaa9170-FRA
access-control-allow-headers: Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires: Wed, 14 Jun 2023 20:07:21 GMT

GET
H3 200 5a9b36a.js Show response
heroinvesting.com/_nuxt/ 2 KB
2 KB 50ms
49ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/5a9b36a.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/1cbaf35.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9ab796416d841bfa4b4c40b66177c1cf85c18c7b0734e3bf906bfdc997246a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36994
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"84a-188b21a058f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yfLXCpXJhKiHTgVhpTIxJ6pkRPDqNkR191qGu2N8i89STUCqqkBcXiS4mZg6Qf48ncsRi7tfz11LDZ6zFd%2FYBoCBey5OwqgfW2lQ13N%2BwtpsV4ST6d%2FymDPVXCCVI%2FwSJN8520MuTxCFm6PwzbppSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf599d8691e20-FRA
x-amz-cf-id: WJeaTyczN3Svu6CwUVXk95ODTxT-JMPdi2v8rQ2sIJ4EoQVM_cMCuQ==

GET
H3 200 a1ddc44.js Show response
heroinvesting.com/_nuxt/ 3 KB
2 KB 48ms
47ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/a1ddc44.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/1cbaf35.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce4e70543c73ae57c0a98b3eb2c4cd235af21b10623436091b427c76ffdd1d1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 0a71d283a25c1e3f082b4dbc9d844dfe.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 43233
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"c36-188b21a0597"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6zBK3uKOvBhQA%2B463DAFb2PrIEuZP5%2FuwMozreZg0aAITxeEVujBNonU1Q6LcUVc9K1LkORy%2BJZzmmun2MzGW2lhcFNsknCZYbNBmDc%2BeI2x4fe7Zk9EH2TN5of1SRhogcHDZyYi2v1fPRwlaaM5Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf599d86a1e20-FRA
x-amz-cf-id: HvJ0UaJ6NjygAOyBZi2b7JHhl-QN7n80Zx1wJRHKXQl2uoGrRQNG2g==

GET
H3 200 19e8596.js Show response
heroinvesting.com/_nuxt/ 766 B
1 KB 48ms
48ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/19e8596.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/1cbaf35.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf40c9bfc195c4c2c37642c388d64d4853f063fc487256a7fe93749a4f204148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 dc0aad619823d3400ef947433d0af8fa.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 43244
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"2fe-188b21a0597"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNwjaDOheBt%2FHJ55Xzjupo0RNMDM46QpWeVjDDdDfSez1WmbQRW4hJ5QcavJkirO%2FZyB7y%2B5MXX9cwxl1nsqTZgnATT8I8rOG%2BXml6mn1QvXU9hOUFJ0sk1kot%2BNwkCCkF9O8DxwFxNApRVNJ5SMgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf599d86d1e20-FRA
x-amz-cf-id: DyG-dIHU5DibzvfpbxRPQ5CQ452nMLRSMKDsBuiFWrBU2gHqjYgOwg==

GET
H2 200 image-4.png
cdn.followsports.com/content/images/2022/10/ 1 MB
1 MB 567ms
566ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.followsports.com/content/images/2022/10/image-4.png
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/83acf36.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 06cb3a9674e535fd66eb8498fd92dafdf0278e3bb82f5302ddb6a092b444e90d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
x-proxy-https: true
alt-svc: h3=":443"; ma=86400
content-length: 1165879
last-modified: Mon, 24 Oct 2022 20:46:59 GMT
server: cloudflare
etag: W/"11ca37-1840bbfa32b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3X%2FRr8TVRjNc6UNBjyFMhDGo4%2FQR78wFt%2BHjjCl26Vyita6feol8h2MMCg5WT6iHEzikpPM8m1IB2hQ7PesWMo25vu%2B3OUJOiFzwwHQPnW2FcfzdekGYUx5IsOZeL46wDgtZTgrwefVuzvQ4%2BItcpOqIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7d6cf59a5c4d9b74-FRA
x-proxy-cache: MISS

GET
H3 200 6ef01e3.js Show response
heroinvesting.com/_nuxt/ 1 KB
1 KB 52ms
51ms Script
application/javascript 2606:4700:3036::ac43:9447
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://heroinvesting.com/_nuxt/6ef01e3.js
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/1cbaf35.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a6cb39f6864daf7181d55d50e2a47186648f67ea295109bf41b7d9ed0c6509b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 efb4ddf9650598b987ef5db782c5b530.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 36994
x-amz-cf-pop: FRA60-P3
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Tue, 13 Jun 2023 00:13:49 GMT
server: cloudflare
etag: W/"47e-188b21a058f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfW7mxzcrSH1un7uDQwBrOcpjDaKao7SIFfIS5sJhzxd02mIYQhWtySDzCxl295e0HSnLVCoNK7i0GMR4J7rFAWJWFjPUm3RSGhvFP0apTm7R5vrLcK6xOl3sBe2dsWTbxpR7xq09etUs%2BXz9EihCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 7d6cf59a59291e20-FRA
x-amz-cf-id: tFKGnZV-nxCYYlsoHSdtCxFAwIpUqhrTg3VdIN6uthw0ll1qQwkTYQ==

GET
H2 200 WJkHBndVAn0.css
static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/ Frame 0803 24 KB
7 KB 137ms
41ms Stylesheet
text/css 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/WJkHBndVAn0.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=350&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c30802f571a2e288c969e6335d176c98b72f9488ef065dfbc3b1005ab05e7824

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 5/kECOpYa+saZkPJT2TliQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6145
x-fb-rlafr: 0
x-fb-debug: SvXwNQ+Eu3PytQN9FChpGhPiX8Sduc1qGh6phczUaEDkREl2SjCNAmdcf2OcOxh52p72L5SZHDjH2yyyvOWCSQ==
x-fb-trip-id: 1679558926
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Tue, 11 Jun 2024 17:02:10 GMT

GET
H2 200 PjKqDKqCice.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y3/r/ Frame 0803 320 KB
84 KB 210ms
114ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/PjKqDKqCice.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e2d93b24584df8c25977bcea447ab18f21a5802bda10d2535e5a17c0a570752f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: PGXirhfkM5rkzR9AGvl09w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 85716
x-fb-rlafr: 0
x-fb-debug: 5U9r35C1q1lBqs+7o6x//MFX1IbGdoke6YKm+3Pav4mNcvk2OIJV0sp5RCOs0TRgHyn/Wr9yWRHWsw8ecFq0tA==
x-fb-trip-id: 1679558926
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 09 Jun 2024 03:54:00 GMT

GET
H2 200 FMMie_OL3wL.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y3/r/ Frame 0803 5 KB
2 KB 138ms
41ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/FMMie_OL3wL.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

62bf7e57ebc12f7a61aa36a8e4b4b25c8412f2212f91ff6f9b77d393245eecb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: vCUBJYYMHOYvLIAh94niHQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1575
x-fb-rlafr: 0
x-fb-debug: x+G2jsR+h+MseuPxTriDeZQaWUxCOVJFeefqw4Kdk04Jwwut1aI5cxfgxEGUSL8QIcB/P0gyTZBXfBJ/ggJ4cA==
x-fb-trip-id: 1679558926
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 09 Jun 2024 17:43:43 GMT

GET
H2 200 qNTnhmBsX4_.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 0803 85 KB
26 KB 138ms
42ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/qNTnhmBsX4_.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

60b4c8697c73df4d71743a99e6f78f0d9f62a2c8eea3bc1b59319adf52ba1348

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: pRhjWPqrXDrbjQxIFg6X9A==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 26131
x-fb-rlafr: 0
x-fb-debug: OuJaIkDt0jOZUU8E7auvEKCPhaKfzh7VW/z9So4vzgeV9mgxI710UP9QI/sTTcKkMIFHGBexOlFD/MNMor9H7g==
x-fb-trip-id: 1679558926
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Wed, 12 Jun 2024 05:44:07 GMT

GET
H2 200 RCW6h_5U8Bd.js Show response
static.xx.fbcdn.net/rsrc.php/v3iAxA4/yO/l/de_DE/ Frame 0803 104 KB
30 KB 210ms
114ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iAxA4/yO/l/de_DE/RCW6h_5U8Bd.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3970d64493daf2ddc2860fbaefdf2a9cd83c7ad22ca8c66b01164649deba787d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 3O9siQO90v5jLrNJekIJLw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 30675
x-fb-rlafr: 0
x-fb-debug: WZzSwkhGkKrhAHetm3VHrLliQbEaY0u7BVpdx1mp9CSXdJGHxfxC2W9VT5sR8JDriaq8iVbGyKagCTGNWUPSUA==
x-fb-trip-id: 1679558926
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sun, 09 Jun 2024 17:49:21 GMT

GET
H2 200 p55HfXW__mM.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yF/r/ Frame 0803 507 B
490 B 210ms
114ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/r/p55HfXW__mM.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: L5E9gSgR735vyjAzTFly4g==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 293
x-fb-rlafr: 0
x-fb-debug: JosR3NRxBWMaP0nsOPklkGlzPkfHFPbUoy5+EV1j5+dYhVUAvYUFHXsiQzbB/mcTkTeJlJT3iGQDOgnYHndJZg==
x-fb-trip-id: 1679558926
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
origin-agent-cluster: ?0
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Thu, 30 May 2024 19:32:55 GMT

GET
H2 200 278482311_116380361018885_1836512003623861853_n.jpg
scontent-fra3-1.xx.fbcdn.net/v/t39.30808-6/ Frame 0803 6 KB
6 KB 135ms
40ms Image
image/jpeg 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-fra3-1.xx.fbcdn.net/v/t39.30808-6/278482311_116380361018885_1836512003623861853_n.jpg?stp=dst-jpg_s350x350&_nc_cat=105&ccb=1-7&_nc_sid=dd9801&_nc_ohc=kQgw0EIdmWUAX_l8jN3&_nc_ht=scontent-fra3-1.xx&edm=ADwHzz8EAAAA&oh=00_AfBsxh-aKgWgaTVhEKZVNAy-IVFQ2EhEUYJORXPpp72riQ&oe=648E3C03
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=350&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: ee8fba6f98ab7e973c5e75d0705b6e6ac48fe5e5d1298b4938a691a278a770ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-haystack-needlechecksum: 251891629
date: Tue, 13 Jun 2023 20:07:22 GMT
x-fbtype: 30808
content-digest: adler32=280105966
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6258
x-fb-trip-id: 1679558926
x-storage-error-category: dfs:none;hs_p:200:HS_ESUCCESS
last-modified: Wed, 13 Apr 2022 00:24:14 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=1209600, no-transform
x-needle-checksum: 2405290262
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 278502272_116380517685536_169863435363523684_n.jpg
scontent-fra3-2.xx.fbcdn.net/v/t39.30808-1/ Frame 0803 1 KB
2 KB 123ms
41ms Image
image/jpeg 2a03:2880:f084:105:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-fra3-2.xx.fbcdn.net/v/t39.30808-1/278502272_116380517685536_169863435363523684_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=104&ccb=1-7&_nc_sid=dbb9e7&_nc_ohc=IBhbat3bAUQAX_bFahG&_nc_ht=scontent-fra3-2.xx&edm=ADwHzz8EAAAA&oh=00_AfAOdjwsAYu8bdI1IjbU904fASXL8C2iVB17IPRzZn-z-A&oe=648DD2B5
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/plugins/page.php?href=https%3A%2F%2Fwww.facebook.com%2Fheroinvesting%2F&tabs&width=350&height=130&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=false&hide_cta=true&appId=3624856587599651
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 535291b89d01e51c8366ca2268b580c203f70e106d5e0dddaaa2fc7d5b2235b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
x-fb-trip-id: 1679558926
x-fbtype: 30808
x-storage-error-category: dfs:none;sc_p:200:WSE_NOT_SET
last-modified: Wed, 13 Apr 2022 00:24:57 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=1610464874
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 2857374795
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 1427

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 196 KB
71 KB 60ms
60ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10887832869&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dadf9dae832d6b64da4525ca6ca0fbfe0d11187374ecac1289156df3ae9242f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72178
x-xss-protection: 0
last-modified: Tue, 13 Jun 2023 19:21:35 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 13 Jun 2023 20:07:22 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
246 B 137ms
48ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-PNTYD12RWN&gtm=45je36c0&_p=1618440501&cid=1716734272.1686686842&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&dt=post-number&dp=%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&dl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&sid=1686686842&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heroinvesting.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 125ms
43ms XHR
application/javascript 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-amz-version-id: Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding: gzip
via: 1.1 9568a708c8ab21597698ebe7dce6c42e.cloudfront.net (CloudFront)
date: Tue, 13 Jun 2023 08:50:33 GMT
x-amz-cf-pop: FRA2-C1
age: 40610
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 26 May 2023 01:35:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: _mdcQ3M6MMg-KwRDV49eJCaCEBAOcp_H8rU_YElvdf6egguNR9driA==

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 401 B
609 B 164ms
49ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=heroinvesting.com&callback=_gfp_s_&client=ca-pub-4980920491730550

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306080101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-4980920491730550&plah=heroinvesting.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b18845e599d1f1dd3e050bd0de36e794927c61b54be5c040b49c2e76847aaa66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 257
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 145ms
48ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=heroinvesting.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=HEADER&cls=v-sheet%20theme--dark%20v-toolbar%20v-toolbar--dense%20v-app-bar%20v-app-bar--fixed&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 25E1 603 B
218 B 183ms
182ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4980920491730550&output=html&adk=1812271804&adf=3025194257&lmt=1686686842&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686686841833&bpp=3&bdt=371&idt=262&shv=r20230612&mjsv=m202306080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8461998749246&frm=20&pv=2&ga_vid=1716734272.1686686842&ga_sid=1686686842&ga_hid=1618440501&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759842%2C44759926%2C42532280%2C42532278%2C31071755%2C31075259%2C44772268%2C44788442&oid=2&pvsid=197147639289706&tmod=89671707&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=292

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 20:07:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 post Show response
vrl9rgsahh7mx6ndn.ay.delivery/ivt/ 43 B
594 B 186ms
102ms Fetch
application/json 2606:4700:e2::ac40:8004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://vrl9rgsahh7mx6ndn.ay.delivery/ivt/post

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/ivt/vRL9rGsaHH7Mx6NDN/ivt.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:e2::ac40:8004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3afbad72ec090cf7b4552ebfb082c0b8457215f5b01b4ab26f8682764652f0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 43
x-xss-protection: 1; mode=block
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pLgaMyl4%2ByU9u04eyIm%2Bc2OrSXBZpTWNcIX0kq1WEf%2BSk4VCgKrjMI8IvgdjT1iNMVLtDXYbbe47Tg93wfir2gY8c6cfsmPRvU7ao1jRI2wXB987Z4g5ssW8oLrvDxRPE%2BqY5dXPuhZqACKVHlIl3q%2BdnqUUyMG4RHL5XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store
cf-ray: 7d6cf59c4e3e68f5-FRA
access-control-allow-headers: X-Forwarded-For, X-Requested-With, Content-Type

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/ 404 KB
125 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

efa58e6c55e790f1c83deaa0e2b30bb1a075acc2ed6ec0f50f928c0d42dbc472

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 17:05:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10922
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127703
x-xss-protection: 0
server: cafe
etag: 12901696529074996400
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Wed, 12 Jun 2024 17:05:20 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1 KB
479 B 156ms
74ms XHR
application/json 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=heroinvesting.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c797db6fb7a82781e8ee27adb05da046181acab83890f71eb9c0a7013922d74b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 454
x-xss-protection: 0
expires: Tue, 13 Jun 2023 20:07:22 GMT

GET
H2 200 fpd Show response
u.kueezrtb.com/ 64 B
207 B 245ms
147ms XHR
text/plain 2606:4700:10::6816:227b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://u.kueezrtb.com/fpd?_=1686686842234&yv=5a4be82
Requested by: Host: static.kueezrtb.com
URL: https://static.kueezrtb.com/js/latest.js?_=1686686841855
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68b1acda5b6f1cfe1757c68bb6c7d0098e51a62c0dd864d4e0b6045e74ba4ac9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7d6cf59cb8d539bc-FRA
content-length: 89

GET
H2 204 dye
track.kueezrtb.com/ 0
31 B 156ms
140ms Image
text/plain 2606:4700:10::6816:227b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.kueezrtb.com/dye?ac=2&acm=G3&uid=9be70d5043546695&sid=c5fc12392374ad4b&pvi=4dc19c4e41cbd86&prx=1&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=114.0.5735.106&dev=&os=Windows%2010&p=&uri=%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&sr=1600x1200&type=latest:init&_=1686686842233
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7d6cf59c3d1a3a6e-FRA

GET
H2 204 dye
track.kueezrtb.com/ 0
62 B 151ms
135ms Image
text/plain 2606:4700:10::6816:227b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.kueezrtb.com/dye?ac=2&acm=G3&uid=9be70d5043546695&sid=c5fc12392374ad4b&pvi=4dc19c4e41cbd86&prx=1&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=114.0.5735.106&dev=&os=Windows%2010&p=&uri=%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&sr=1600x1200&type=latest:fpdr&_=1686686842234
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7d6cf59c3d1d3a6e-FRA

OPTIONS
H2 204 unruly_prebid
targeting.unrulymedia.com/ Frame 0
0 588ms
189ms Preflight
text/plain 74.118.184.143
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.unrulymedia.com/unruly_prebid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.118.184.143 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://heroinvesting.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://heroinvesting.com
access-control-max-age: 1728000
content-length: 0
content-type: text/plain charset=UTF-8
date: Tue, 13 Jun 2023 20:07:22 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
304 B 137ms
137ms XHR
text/plain 13.224.192.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fheroinvesting.com&pubid=d34c3868-1544-44a2-9899-167326b5d575
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.181 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-181.fra2.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:21 GMT
via: 1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA2-C1
x-cache: Miss from cloudfront
access-control-allow-origin: https://heroinvesting.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: bBmvULEopfcFAU3gE7F7JkJNEW_xbKELS6ClbJox-aYIGBflThHvzA==

POST
H/1.1 204
No Content hb Show response
cpm.catapultx.com/ 0
264 B 156ms
46ms XHR
text/plain 77.245.57.72
WEBAIR-INTERNET-MTL

General

Check archive.org

Show headers Download Go to

Full URL: https://cpm.catapultx.com/hb?zone=194374&v=1.6
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:22 GMT
Server: nginx
Age: 0
Access-Control-Allow-Origin: https://heroinvesting.com
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Connection: close
Content-Length: 0

POST
H2 200 bid-request Show response
a.teads.tv/hb/ 16 B
382 B 248ms
113ms XHR
application/json 23.218.209.56
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.teads.tv/hb/bid-request
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.209.56 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-209-56.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 42
expires: Tue, 13 Jun 2023 20:07:22 GMT

POST
H2 200 prebid Show response
mp.4dex.io/ 114 B
728 B 190ms
95ms XHR
application/json 2606:4700::6812:372
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:372 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f03b2fc52b3f433532f30c4eaea9b35ac938838fbb27eea75463f6f4760b736

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

x-version: 3.0.0-gcp-ams
date: Tue, 13 Jun 2023 20:07:22 GMT
x-err: Shapings: no adunits with size and seat and mapping
via: 1.1 google
cf-cache-status: DYNAMIC
content-encoding: gzip
x-warn: Validating the Prebid Request adunits. Duplicate adUnitCode: if_ay_dsk_ic_1__ayManagerEnv__1, Validating the Prebid Request adunits. Duplicate adUnitCode: if_ay_dsk_ic_1__ayManagerEnv__1, Validating the Prebid Request adunits. Duplicate adUnitCode: if_ay_dsk_side_r1__ayManagerEnv__1, Validating the Prebid Request adunits. Duplicate adUnitCode: if_ay_dsk_side_r1__ayManagerEnv__1, Validating the Prebid Request adunits. Duplicate adUnitCode: if_ay_dsk_side_l__ayManagerEnv__1, Validating the Prebid Request adunits. Duplicate adUnitCode: if_ay_dsk_side_l__ayManagerEnv__1, Process Seats Booster. unable to get the seat booster engine for organization: 1340
pragma: no-cache
server: cloudflare
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heroinvesting.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 7d6cf59ce88f9290-FRA
expires: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1 KB 234ms
144ms XHR
application/json 34.120.63.153
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 153.63.120.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: ba5646ec538a9597364b4364fc0281c1c06ae33a37eb24d2c83c6231db636ce6

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://heroinvesting.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 13 Jun 2023 20:07:22 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 25 B
405 B 181ms
64ms XHR
application/json 216.52.2.30
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.53.0-pre
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 10ededd2c2833f29e37921e041dda9d59f3dc2ab992d00ae2d577763e478d8a0

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 13 Jun 2023 20:07:22 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://heroinvesting.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap6ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 25

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
343 B 226ms
133ms XHR
application/json 34.149.20.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 17a161aa64f0377f02e397aa802dccb6a02e90daaf736ed86fe8eae4c79d9f3a

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: https://heroinvesting.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 227ms
134ms XHR
application/json 34.149.20.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 17a161aa64f0377f02e397aa802dccb6a02e90daaf736ed86fe8eae4c79d9f3a

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: https://heroinvesting.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 234ms
141ms XHR
application/json 34.149.20.76
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 17a161aa64f0377f02e397aa802dccb6a02e90daaf736ed86fe8eae4c79d9f3a

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
status: 200 OK
access-control-allow-origin: https://heroinvesting.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 204 unruly_prebid Show response
targeting.unrulymedia.com/ 0
165 B 554ms
186ms XHR
text/plain 74.118.184.143
RHYTHMONE

General

Check archive.org

Show headers Download Go to

Full URL: https://targeting.unrulymedia.com/unruly_prebid
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.118.184.143 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://heroinvesting.com
pragma: no-cache
date: Tue, 13 Jun 2023 20:07:23 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true

POST
H2 200 hbjson Show response
grid.bidswitch.net/ 24 B
241 B 344ms
59ms XHR
application/json 35.158.192.151
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.192.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-192-151.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 67ccf410763aa4c7054eeda902aea1c194afdd8aeef55de0d6f2ceda13c51d8a

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
content-length: 49
content-type: application/json

POST
H2 200 hb-mm-multi Show response
hb.minutemedia-prebid.com/ 105 B
448 B 670ms
216ms XHR
application/json 35.163.232.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 35.163.232.44 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-163-232-44.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: d6f67420ea18265c9f0934ece3554335d7ab68e67abc277e6b8e0bb88ab8b8bf

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
server: istio-envoy
x-reason: maxmind anonymous
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://heroinvesting.com
content-type: application/json
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 105

POST
H2 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 37 B
553 B 269ms
177ms XHR
application/json 104.18.25.185
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.25.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac48c8215547ee0aaa58251664ed352658a46d5f0f5892009442780f96ea5267

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2BlJ%2Fuzy%2Fv9PcrdAt%2BPyMObc4iPzXEu2I8TzPKqD%2By2A3HmtbJw3MtQbYu%2B0IiaboytV5BKzU%2B3PVjYpni7ohA0LoZlwNJ127Q1pXlEaPHMwEjzQwcb4Leqz0ZEp0I%2F3WRC32Sde"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 7d6cf59cfd4d91dd-FRA
alt-svc: h3=":443"; ma=86400
content-length: 37
expires: 0

POST
H2 204 63ebe4b23a3c92dafc0c2e06 Show response
prebid.cootlogix.com/prebid/multi/ 0
288 B 373ms
133ms XHR
text/plain 157.245.87.200
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.245.87.200 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length: 0

POST
H2 204 63ebe4b23a3c92dafc0c2e06 Show response
prebid.cootlogix.com/prebid/multi/ 0
288 B 374ms
134ms XHR
text/plain 157.245.87.200
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.245.87.200 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length: 0

POST
H2 204 63ebe4b23a3c92dafc0c2e06 Show response
prebid.cootlogix.com/prebid/multi/ 0
289 B 371ms
132ms XHR
text/plain 157.245.87.200
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 157.245.87.200 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 428ms
274ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://heroinvesting.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
564 B 432ms
279ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://heroinvesting.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 308ms
155ms XHR
application/json 185.86.139.95
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.95 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:21 GMT
content-encoding: br
transfer-encoding: chunked
vary: Accept-Encoding, Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://heroinvesting.com
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: no-cache,no-store
access-control-allow-credentials: true

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 531 B
610 B 699ms
275ms XHR
application/json 50.18.220.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.18.220.217 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-50-18-220-217.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: aff6c0c7412a3aae7c2ffa7a0d839ef3952ea15ebc914c9d639483096ea0be71

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heroinvesting.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 368

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 382 B
523 B 703ms
280ms XHR
application/json 50.18.220.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.18.220.217 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-50-18-220-217.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: b5b7ee94252dddc67b4bbcec5a0a942aa7f2c34eb52e1090bbd428c0895a12af

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heroinvesting.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 282

POST
H2 200 v1 Show response
btlr.sharethrough.com/universal/ 490 B
554 B 702ms
279ms XHR
application/json 50.18.220.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.18.220.217 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-50-18-220-217.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: a7dcfd9f7eb387852ab256e080478cb9d1e3e1ae946042e604a806ea338833a3

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
x-openrtb-version: 2.5
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heroinvesting.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 313

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 13 KB
6 KB 367ms
202ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_ic_1__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=8aab1506-8829-4b71-97ca-579a05bd90c1&l_pb_bid_id=60326e8923771f7&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=8aab1506-8829-4b71-97ca-579a05bd90c1&rp_maxbids=1&slots=1&rand=0.6266558894852454
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 00f9946c407d3ca1f7ba99f8e61d333d3c9ab7ca633c0d44dd4ea1079f3d6e36

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 13 KB
6 KB 353ms
189ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_ic_1__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=8aab1506-8829-4b71-97ca-579a05bd90c1&l_pb_bid_id=61c96c1fd580d2e&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=8aab1506-8829-4b71-97ca-579a05bd90c1&rp_maxbids=1&slots=1&rand=0.04726884731831493
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 420a6112471800c8bc15ecde1536fc38b374d3940e7ffa06ec5b63c2c1dac860

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 13 KB
6 KB 441ms
277ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_ic_1__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=8aab1506-8829-4b71-97ca-579a05bd90c1&l_pb_bid_id=627b509f00a4e88&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=8aab1506-8829-4b71-97ca-579a05bd90c1&rp_maxbids=1&slots=1&rand=0.8185406317915944
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: ec4158783b4a5ff6ebbaefa6bc4167d56e1958dcf2dbdc9ed63935df42bc9700

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 463 B
798 B 474ms
310ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=9%2C10%2C43&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_side_r1__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=a6ab14d2-c3b7-4889-9d47-b7f448b1abb4&l_pb_bid_id=6380eb2265aff76&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=a6ab14d2-c3b7-4889-9d47-b7f448b1abb4&rp_maxbids=1&slots=1&rand=0.2755611665078035
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: c4d1f1e05369560edc9ad67b6e6fa2b22897cf2719bc063b426f0f042965589b

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 463
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 417ms
253ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=9%2C10%2C43&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_side_r1__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=a6ab14d2-c3b7-4889-9d47-b7f448b1abb4&l_pb_bid_id=64711dcd154c1b1&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=a6ab14d2-c3b7-4889-9d47-b7f448b1abb4&rp_maxbids=1&slots=1&rand=0.5518744114217669
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 89f2bad5570d74d7039fc0d785492c19f08039210a9ef54482a1a71f4f39861f

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 364ms
200ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=9%2C10%2C43&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_side_r1__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=a6ab14d2-c3b7-4889-9d47-b7f448b1abb4&l_pb_bid_id=6508683df33d54c&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=a6ab14d2-c3b7-4889-9d47-b7f448b1abb4&rp_maxbids=1&slots=1&rand=0.3772072397919968
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 64c2aa724071bfe85f679b4c5e32bc376403b8a99ce67b625383b05c97d41178

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 13 KB
6 KB 392ms
228ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=9&alt_size_ids=8&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_side_l__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=0b85d72b-d1c1-4c01-a045-3d5016ce7946&l_pb_bid_id=66ac0abbaafeefe&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=0b85d72b-d1c1-4c01-a045-3d5016ce7946&rp_maxbids=1&slots=1&rand=0.6003292149259314
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7ba9a984dda000dd5e974f1936ace53dc6d6f74d624c8544641de5d138cc60eb

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 13 KB
6 KB 403ms
239ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=9&alt_size_ids=8&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_side_l__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=0b85d72b-d1c1-4c01-a045-3d5016ce7946&l_pb_bid_id=67822ece4c98341&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=0b85d72b-d1c1-4c01-a045-3d5016ce7946&rp_maxbids=1&slots=1&rand=0.23212823380019998
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 30f9f1d908d362f057977962b15d079838b2fcbd05a2c3bc6990c9de48c877b8

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 12 KB
6 KB 495ms
331ms XHR
application/json 2602:803:c004:200::140
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=9&alt_size_ids=8&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tg_i.pbadslot=if_ay_dsk_side_l__ayManagerEnv__1&tk_flint=pbjs_lite_v7.53.0-pre&x_source.tid=0b85d72b-d1c1-4c01-a045-3d5016ce7946&l_pb_bid_id=68c6a3e3d10f02&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=0b85d72b-d1c1-4c01-a045-3d5016ce7946&rp_maxbids=1&slots=1&rand=0.17307347736862577
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3989386a0a9d7fc59c23d83ea6faa41e4c0384efc942097719c532ecb8eec0bf

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://heroinvesting.com
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
560 B 668ms
232ms XHR
application/json 54.241.14.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=7.53.0-pre&referrer=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tmax=2500

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.241.14.1 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-241-14-1.us-west-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
accept-ch: sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness
x-auction-status: 29, 29
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heroinvesting.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
278 B 481ms
226ms XHR
text/plain 147.28.129.37
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 105
server: envoy
vary: origin, Accept-Encoding

POST
H2 200 hb-multi Show response
hb.yellowblue.io/ 105 B
448 B 655ms
217ms XHR
application/json 35.163.232.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.yellowblue.io/hb-multi
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 35.163.232.44 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-163-232-44.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 5a75d14402b77a707d71b0b3fd6b5a8203370d29e366d038f405ab49de3d385b

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
server: istio-envoy
x-reason: maxmind anonymous
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://heroinvesting.com
content-type: application/json
access-control-allow-credentials: true
x-envoy-upstream-service-time: 4
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length: 105

POST
H2 200 bid Show response
s.seedtag.com/c/hb/ 11 B
401 B 533ms
441ms XHR
application/json 34.149.50.64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://s.seedtag.com/c/hb/bid
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.50.64 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 64.50.149.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: 846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
via: 1.1 google
server: openresty
etag: W/"b-OSzRjQUfcriHUprCmY2lR0nxM48"
vary: X-HTTP-Method-Override
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heroinvesting.com
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 11
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 204 641ab9f7284b9911720b9b75 Show response
exchange.kueezrtb.com/prebid/multi/ 0
289 B 401ms
124ms XHR
text/plain 142.93.54.172
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 142.93.54.172 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length: 0

POST
H2 204 641ab9f7284b9911720b9b75 Show response
exchange.kueezrtb.com/prebid/multi/ 0
288 B 401ms
124ms XHR
text/plain 142.93.54.172
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 142.93.54.172 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length: 0

POST
H2 204 641ab9f7284b9911720b9b75 Show response
exchange.kueezrtb.com/prebid/multi/ 0
288 B 401ms
124ms XHR
text/plain 142.93.54.172
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 142.93.54.172 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length: 0

GET
H2 200 trinity.json Show response
apex.go.sonobi.com/ 137 B
930 B 399ms
128ms XHR
application/json 69.166.1.8
AS-XFERNET

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2296194e4caa32bed%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3Dif_ay_dsk_ic_1__ayManagerEnv__1%2Cc%3Dd%2C%22%2C%2297b12fea05aadee%22%3A%22ab18e1366d6110b8df97%7C300x250%2C160x600%2C300x600%2C320x50%7Cgpid%3Dif_ay_dsk_side_r1__ayManagerEnv__1%2Cc%3Dd%2C%22%2C%2298386c93201ac32%22%3A%22b73b2d5a888130b1e9b1%7C120x600%2C160x600%7Cgpid%3Dif_ay_dsk_side_l__ayManagerEnv__1%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&s=21955c3d-424c-40b6-b922-a39d2e236e64&pv=91f2197d-251e-47f9-a40c-024a0bbac932&vp=desktop&lib_name=prebid&lib_v=7.53.0-pre&us=5&iqid=null&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.106%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%7D%7D&ius=1&coppa=0

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.166.1.8 , United States, ASN27630 (AS-XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

33311bb16e421a08959c36257701332c14bbba1703cf220f09b1daef7673085a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-5-167
content-type: application/json
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin: https://heroinvesting.com
cache-control: no-cache, no-store, private
access-control-allow-credentials: true
tcn: Choice
content-length: 162
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 425 B
817 B 709ms
283ms XHR
application/json 54.149.117.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1686686842300&to=0&aun=if_ay_dsk_ic_1__ayManagerEnv__1&gpid=if_ay_dsk_ic_1__ayManagerEnv__1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.53.0-pre%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&ns=10035
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.149.117.181 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-149-117-181.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 2cd8a0eb854b77f7500c80d39422e09a81ce26208dfc056f718195884104a293

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://heroinvesting.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 425 B
816 B 696ms
270ms XHR
application/json 54.149.117.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1686686842300&to=0&aun=if_ay_dsk_side_r1__ayManagerEnv__1&gpid=if_ay_dsk_side_r1__ayManagerEnv__1&t=notmta6c&pi=3&maxw=300&maxh=600&si=1008719&bf=300x250%2C160x600%2C300x600%2C320x50&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.53.0-pre%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&ns=10035
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.149.117.181 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-149-117-181.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 088d6d00bae261943247c9ca2f7f683b39906e05242c15caa9893199f358418b

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://heroinvesting.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 425 B
817 B 681ms
255ms XHR
application/json 54.149.117.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?lt=1686686842304&to=0&aun=if_ay_dsk_side_l__ayManagerEnv__1&gpid=if_ay_dsk_side_l__ayManagerEnv__1&t=notmta6c&pi=3&maxw=160&maxh=600&si=1008718&bf=120x600%2C160x600&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&ce=false&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%227.53.0-pre%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&ns=10035
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.149.117.181 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-149-117-181.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 1b0b261411ab16f5e1f21c988a5bad7405f020d8cb55bb7f977e8f6d0f0cc0da

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://heroinvesting.com
cache-control: private, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
expires: 0

GET bid
aax.amazon-adsystem.com/e/dtb/ 0
0

GET
H2 204 dye
track.kueezrtb.com/ 0
31 B 149ms
148ms Image
text/plain 2606:4700:10::6816:227b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.kueezrtb.com/dye?ac=2&acm=G3&uid=9be70d5043546695&sid=c5fc12392374ad4b&pvi=4dc19c4e41cbd86&prx=1&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=114.0.5735.106&dev=&os=Windows%2010&p=&uri=%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&sr=1600x1200&type=latest:br&_=1686686842297&bidder=kueezrtb&at=display&v=3
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7d6cf59c9d943a6e-FRA

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/ 3 KB
1 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/?random=1686686842352&cv=11&fst=1686686842352&bg=ffffff&guid=ON&async=1&gtm=45be36c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tiba=Ridiculous%20T-Shirts%20That%20People%20Actually%20Wore%20In%20Public&hn=www.googleadservices.com&frm=0&auid=368187764.1686686842&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&rfmt=3&fmt=4

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c1363ee1baaa832c6df0441916e077c03a1321dbab9a488949642478d35d2cdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1406
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
878 B 146ms
42ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 13 Jun 2023 20:07:22 GMT
x-content-type-options: nosniff
content-encoding: br
age: 31665
x-jsd-version: master
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 439
x-served-by: cache-fra-eddf8230080-FRA
x-jsd-version-type: branch
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 2 KB
2 KB 135ms
40ms Script
text/javascript 34.96.70.87
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 3b89401fea631023de67ae75bf8f246b1af109a9a4247c3862016949eacc462b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 19:18:17 GMT
via: 1.1 google
age: 2945
x-guploader-uploadid: ADPycdvRj7DuBqFlgk35fPXZPEnE7nZDEkriu--HeBmEcSvw-ORsD9I0_Ii5jh9mDDQZLgWZW7A2LT7GvQ3pRbvTPy2SzrgxRVbW
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1938
last-modified: Thu, 27 Apr 2023 19:53:17 GMT
server: UploadServer
etag: "0a4a90264145ed4c5c647dae5dfb0429"
x-goog-generation: 1682625197861193
x-goog-hash: crc32c=jhvysQ==, md5=CkqQJkFF7UxcZH2uXfsEKQ==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 1938
accept-ranges: bytes
expires: Tue, 13 Jun 2023 20:18:17 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 38 KB
12 KB 140ms
44ms Script
text/javascript 65.9.66.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-68.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 01:47:30 GMT
content-encoding: gzip
via: 1.1 2a3a093b493a82493f3431437cb166ac.cloudfront.net (CloudFront)
last-modified: Wed, 31 May 2023 20:34:33 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 65993
x-amz-server-side-encryption: AES256
etag: W/"550ead3a95bd6cfcd917d45c5f8f4553"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: vNZwLFCUr6SqaUT0miYXnb1L8u1YI64usXrNwyv9noA7vGqiMKJxuQ==

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 59 KB
17 KB 148ms
52ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6df03d6bd1a8ca1ce49d6b92d5fd80d5c1358191040696703718ce2054b1b2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 06 Jun 2023 14:15:50 GMT
server: cloudflare
x-amz-request-id: X3DKEY07YJWPN16K
age: 1593
etag: W/"8c1740edd46834c66e82586d99a9e74c"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7d6cf59db9140404-FRA
x-amz-id-2: v/iixkDOgayo7Cbf5Sb03I5/5fQIw5jmPINExZLprTTmIhyKgi9qDbRCiqIPnefSorawpNdH/2VOLjMXHK3fGA==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 144ms
40ms Script
text/javascript 2600:9000:2250:f600:a:e047:753:be1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:f600:a:e047:753:be1 , United States, ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Tue, 13 Jun 2023 05:58:55 GMT
Via: 1.1 fce673b0e9c8ffbca0678547d3b9c424.cloudfront.net (CloudFront)
Last-Modified: Thu, 04 May 2023 00:14:06 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA60-P2
Age: 50908
x-amz-server-side-encryption: AES256
ETag: "4d5acbf33f4a0592ac0515db92fe88e6"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1858
X-Amz-Cf-Id: pOQWh9lTy9pT6afh4jZH5_RvUiuIUhmpV9Mh6Tq8jFdTXQ4FxCR8fA==

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 135ms
41ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 20 May 2023 23:12:18 GMT
content-encoding: gzip
age: 2062504
x-guploader-uploadid: ADPycdvJ9f2JAcW_u33Wuncj8S73-G6Q6wRUusXGmU1oTYHkwdtBIiLp1LRa7LAdcbtsWxYQGd2x5956XBCXTVQq42M4_Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Sun, 19 May 2024 23:12:18 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 181ms
83ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

839c424b188a9bdafd46e5b643a2c5afb4b7df5e51f0321ffafd5f23b118e259

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 31 May 2023 13:09:50 GMT
server: nginx
etag: W/"6477471e-a980"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 14 Jun 2023 20:07:22 GMT

GET
H3 200 hLvypmn2APN.png
static.xx.fbcdn.net/rsrc.php/v3/yH/r/ Frame 0803 852 B
908 B 88ms
40ms Image
image/png 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/hLvypmn2APN.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/WJkHBndVAn0.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0caf169e93e0e6987ad792cc2a026fa069b3fa6c9d1e1c1e333432141fa3f2a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/yz/l/0,cross/WJkHBndVAn0.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
x-content-type-options: nosniff
content-md5: 1KxKoxm3n4ThY8RGVSrDGw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 852
x-fb-rlafr: 0
x-fb-debug: OlYZPNLUpLSGEzoQ04JtJrctHlAOP0MG1key5+geij+UbkXxhPX13otJkTuSvKrsy7Ymy9lR90eYG7p5T8uggw==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=1,i
expires: Sat, 01 Jun 2024 16:52:13 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10887832869/ 42 B
455 B 148ms
55ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10887832869/?random=1686686842352&cv=11&fst=1686686400000&bg=ffffff&guid=ON&async=1&gtm=45be36c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tiba=Ridiculous%20T-Shirts%20That%20People%20Actually%20Wore%20In%20Public&frm=0&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&fmt=3&is_vtc=1&random=794746891&rmt_tld=0&ipr=y

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10887832869/ 42 B
455 B 143ms
52ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10887832869/?random=1686686842352&cv=11&fst=1686686400000&bg=ffffff&guid=ON&async=1&gtm=45be36c0&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&tiba=Ridiculous%20T-Shirts%20That%20People%20Actually%20Wore%20In%20Public&frm=0&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&fmt=3&is_vtc=1&random=794746891&rmt_tld=1&ipr=y

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 dye
track.kueezrtb.com/ 0
31 B 140ms
140ms Image
text/plain 2606:4700:10::6816:227b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.kueezrtb.com/dye?ac=2&acm=G3&uid=9be70d5043546695&sid=c5fc12392374ad4b&pvi=4dc19c4e41cbd86&prx=1&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=114.0.5735.106&dev=&os=Windows%2010&p=&uri=%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&sr=1600x1200&type=latest:fpdrd&_=1686686842480
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7d6cf59dff6e3a6e-FRA

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 305 B
400 B 61ms
61ms Fetch
application/json 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: e668a2ce87ae56294e64224a7a119102ca3fa73725ccb3041c17e6ad1365e6ae

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
via: 1.1 google, 1.1 google
server: Google Frontend
content-type: application/json
access-control-allow-origin: *
x-cloud-trace-context: e6c23f54908eda83c355e65e6fd71e4e
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 305

OPTIONS
H2 200 encrypt
esp.rtbhouse.com/ Frame 0
0 146ms
57ms Preflight
text/plain 35.190.39.111
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://heroinvesting.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: https://heroinvesting.com
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
content-type: text/plain; charset=utf-8
date: Tue, 13 Jun 2023 20:07:22 GMT
server: Google Frontend
vary: Origin
via: 1.1 google, 1.1 google
x-cloud-trace-context: 315f089fc9eddc4275a25c83d1421003

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&rid=esp&cc=1

85 B
202 B

152ms
151ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&rid=esp&cc=1
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: e81bb8c5aaf4325dc3e4d3f8b2a892578b48761d7898a15a0ac75b7999b578e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:22 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-ik5ms9tBBT4dlNUbjZ/ffEdHgA8"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://heroinvesting.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Tue, 13 Jun 2023 20:07:22 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://heroinvesting.com
location: /esp?url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
335 B 600ms
197ms XHR
application/json 54.219.150.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.219.150.145 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-219-150-145.us-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 72e16ad03de3c5b13f87d257cedf4d941b2dfdefc898113c5cf4cb8394af19e3

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:23 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://heroinvesting.com
cache-control: no-cache
x-server: 10.41.29.76
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
326 B 133ms
42ms XHR
text/plain 162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heroinvesting.com
date: Tue, 13 Jun 2023 20:07:22 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 174A 15 KB
6 KB 157ms
49ms Document
text/html 2a02:2638:d::d
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=heroinvesting.com

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::d , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

645709dcb09b2700fd5a5938dbdf783ac90a88334e5104041db53302441f33e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 20:07:21 GMT
server: Kestrel
server-processing-duration-in-ticks: 342672
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 174A
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=heroinvesting.com&sn=ChromeSyncframe&so=0&topUrl=heroinvesting.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=kfeHzHxiMEJsR1lBbEtncUNDM1kxR2FYeVdPVkdReVpaK3FTS3JYSzRJQzFiQm9Ca3ozcjhYNGdRQzNNdHJUVkZlVDVQcVBmQjVQeENqQTE5QStmQ1grdk5MZ1oyOERPY2dJS2h4WUI4UG1XYm9sT2xEdFpvSW9pa0YzM2...

459 B
668 B

503ms
156ms

Fetch
application/json

74.119.118.149
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=kfeHzHxiMEJsR1lBbEtncUNDM1kxR2FYeVdPVkdReVpaK3FTS3JYSzRJQzFiQm9Ca3ozcjhYNGdRQzNNdHJUVkZlVDVQcVBmQjVQeENqQTE5QStmQ1grdk5MZ1oyOERPY2dJS2h4WUI4UG1XYm9sT2xEdFpvSW9pa0YzM2hMYURUWUdETzEybTZFelFuL3c4R25rTXRaeXRCa3pUR0MxcDd0U2t2eHJaQis4eXcwSmtnZEZhNGVQdXcyS3NEYWZhNzhyM1psNXM4enJneldYZTJ4SzBUdkFRMVFQR2tuR1FEKzVNczVYTGs0QlJQL0FTWGNSTnBUM1ZqWXg1L21Wd01oSXpEZFRpSThIVGFBTGk0cXlyVmMvWmNTQ2doVitTL0dlSmJxREh1Y0FPbE1WYz18&cppv=2

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Server

74.119.118.149 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

7a359b3ddbf44d6f749d2c10444374a11c65d60d78ba49dec6f1df58e9c17772

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:23 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1634202
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:22 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=kfeHzHxiMEJsR1lBbEtncUNDM1kxR2FYeVdPVkdReVpaK3FTS3JYSzRJQzFiQm9Ca3ozcjhYNGdRQzNNdHJUVkZlVDVQcVBmQjVQeENqQTE5QStmQ1grdk5MZ1oyOERPY2dJS2h4WUI4UG1XYm9sT2xEdFpvSW9pa0YzM2hMYURUWUdETzEybTZFelFuL3c4R25rTXRaeXRCa3pUR0MxcDd0U2t2eHJaQis4eXcwSmtnZEZhNGVQdXcyS3NEYWZhNzhyM1psNXM4enJneldYZTJ4SzBUdkFRMVFQR2tuR1FEKzVNczVYTGs0QlJQL0FTWGNSTnBUM1ZqWXg1L21Wd01oSXpEZFRpSThIVGFBTGk0cXlyVmMvWmNTQ2doVitTL0dlSmJxREh1Y0FPbE1WYz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 304020
content-length: 0
expires: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 179ms
97ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230612&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9fd014910db1d586fc8c21ea010dfde011e4a21652d41bdebaeb18546927e335

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:23 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11322
x-xss-protection: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 465C 0
176 B 137ms
49ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 13 Jun 2023 20:07:23 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 151ms
57ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 13 Jun 2023 20:07:23 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 20CF 13 KB
5 KB 42ms
40ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 10509
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 17:12:14 GMT
expires: Wed, 12 Jun 2024 17:12:14 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F278 783 B
950 B 53ms
53ms Document
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7ccce0134edea8d4379ea70a222ec79a249f5f27d751bbc9198a542d13e27967

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VQBJsal0se6iqImgt_ncFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 511
content-security-policy: script-src 'report-sample' 'nonce-VQBJsal0se6iqImgt_ncFw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 20:07:23 GMT
expires: Tue, 13 Jun 2023 20:07:23 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 20CF 37 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 14:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278563
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Jun 2024 14:44:40 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F278 0
0 74ms
73ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230612&jk=197147639289706&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 20CF 0
10 B 40ms
40ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?poJ6qA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:23 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 49ms
48ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=heroinvesting.com

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 244 KB
61 KB 1752ms
1752ms XHR
text/plain 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=197147639289706&correlator=2212822569680617&eid=31074650%2C31075061%2C31075064%2C31075234%2C31070232&output=ldjh&gdfp_req=1&vrg=202306070101&ptt=17&impl=fifs&iu_parts=22890879159%2Chi_ay_dsk_ic_1%2Chi_ay_dsk_side_r1%2Chi_ay_dsk_side_l&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=320x100%7C320x50%7C300x250%7C300x100%2C300x250%7C160x600%7C300x600%7C320x50%2C120x600%7C160x600&ifi=2&adks=3283001759%2C3379801052%2C1640795913&sfv=1-0-40&prev_scp=uam%3Dtrue%26amznbid%3D1%26amznp%3D1%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.02%26hb_adid%3D10635844472c44e7%26hb_bidder%3Drubicon%7Cuam%3Dtrue%26amznbid%3D1%26amznp%3D1%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.06%26hb_adid%3D105c3f473427a58d%26hb_bidder%3Drubicon%7Cuam%3Dtrue%26amznbid%3D1%26amznp%3D1%26hb_format%3Dbanner%26hb_size%3D160x600%26hb_pb%3D0.01%26hb_adid%3D107a7e2cea325054%26hb_bidder%3Drubicon&eri=1&sc=1&cookie=ID%3D76c9cc1106cbc0c9-22f7a8307ce1000c%3AT%3D1686686842%3ART%3D1686686842%3AS%3DALNI_MbaNul_QKHBxYcs4jzsyAIVASVXfw&gpic=UID%3D00000c4e8e30f5f3%3AT%3D1686686842%3ART%3D1686686842%3AS%3DALNI_MYw_RtXIK9cQAGa-uDj0aONs8UWgA&abxe=1&dt=1686686843443&lmt=1686686843&dlt=1686686841462&idt=924&adxs=561%2C1196%2C130&adys=2277%2C1539%2C1539&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1%7C2%7C3&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&frm=20&vis=1&psz=320x-1%7C300x0%7C120x0&msz=320x-1%7C300x0%7C120x0&fws=4%2C516%2C516&ohw=802%2C1600%2C1600&ga_vid=1716734272.1686686842&ga_sid=1686686842&ga_hid=1618440501&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b723fd8255304adbf4d241c102efb0627de03e364a41ddaa313d2d066e52deb3

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO2wn5GGwf8CFQisdwod-8oJYQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/17965573926975204268/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CO2wn5GGwf8CFQisdwod-8oJYQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/17965573926975204268/index.html
date: Tue, 13 Jun 2023 20:07:25 GMT
x-content-type-options: nosniff
content-encoding: br
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62871
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://heroinvesting.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A26B 6 KB
3 KB 165ms
48ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 20:07:23 GMT
expires: Wed, 12 Jun 2024 20:07:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 76ms
76ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230612&jk=197147639289706&bg=!WFulWw_NAAaGYqkwpmI7ADkAdvg8WibGtyzYEWyNR2benngNid43CzroJHiAdBVA_NXPdouwtK-a-SrRiUkeCDIu7AOAq5RbOJ4CAAAATlIAAAAFaAEHmQLyQnrk91w7w5CvXabZ7KojbN7OayFHTqPOvJxwM4AIIbiytObKn29uD4fq7EpHn83dfiTQ-bYQ_LAnGI99DjfNh2nPDtOir_JPHlZIl9E45RcnOHHp1D6ViEVZVVnKTPqRze32r9lJMY7QFT9Gw4M8grAaA6KZ9G3lXvS47gFbrOwZiWHm04XTZ9QfN4aK5ZlPIQE1DJV1dKEbn5Y00tPRgabPCx2-9SgcS7G9Lv4_bT7DdF2OSNC699SpiTaDGvT1jaCUF8M_bAlZ3rLVri3OCZ1wwDz0KIBGGGwHHQSUMq70zbT9Hspu_-fUV4JiJXycqwOLPFcgfG-4f2N3u_UHrciRE6n7rDvdrqmslZiHklLihAfQbBU2M2okbf6l1HvRbc75gRITohpacdxDnmBeTTdm-KMv78pXvisK6eF0Sw80qHyKcOfTJMovwmG-k4vGwmk4opejcsZcWjxvxvWhy252LXugAkneiP-DZAVX1Xy0rQ3MAtn8whfNwTzEQKUnX2uICL5gYTtEGt2p0D4EjyWF1LXzscJWQEzWYDFUeT7x-bzjSQ22Ft1XfghJROEsrwaX7vJO3nhXvpLvniuMWy5Drlpwb-pBfZvqbFIu7A_MFEps6DiNIVlgxIPtEqPQSZxKZ6M3b-gcZNAIDLYO33IQ8m3T-CC9TSux_utu1nGrlSXTB1UkT3kS_JxeVNpyRFrrd3qnmCa7uwdlxS4dx62kSiki17pJWobXv1VT5IqMn2FgPCMyoXrNloZ8R8ZWrR6--23xnDCvuBTpNyiJZgQp3Ur2mHgDkgLjOk5VNxH2NJ7lyQ8x1FzH7X3KYYslRS8gthYVTSB8cdC3cm2GO7ctEr9YrOckq0zKyBBzygKSmugfSQcHFhXhbwW_Pf5KTDJ9U6eXnsBEx8ZNRllk-ifhQSeVmpb3jevF_9vCpLbZvUNKQxyH4gjLlFuG0zDLBJxdHVdKYWcCuAEdHRfUhZF-xq1KMECuLJqEqCePQNVPXw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/032305252018000/ Frame 70C5 222 KB
61 KB 176ms
41ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

026ea7ee6b3f89ff44678e36a04f461d8a50979812a390537845226ab48cd1b2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 10 Jun 2023 05:57:52 GMT
age: 310173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61823
x-xss-protection: 0
server: sffe
etag: "83381e4039281ff8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Jun 2024 05:57:52 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/032305252018000/v0/ Frame 70C5 15 KB
5 KB 296ms
162ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 09 Jun 2023 19:25:37 GMT
age: 348108
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5238
x-xss-protection: 0
server: sffe
etag: "6efdfbd3c81d03c9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 08 Jun 2024 19:25:37 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/032305252018000/v0/ Frame 70C5 94 KB
28 KB 286ms
151ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 10 Jun 2023 13:02:15 GMT
age: 284710
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28864
x-xss-protection: 0
server: sffe
etag: "51fe97ef57b83921"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Jun 2024 13:02:15 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/032305252018000/v0/ Frame 70C5 5 KB
2 KB 285ms
150ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 09 Jun 2023 15:40:06 GMT
age: 361639
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1896
x-xss-protection: 0
server: sffe
etag: "9635e780e0a5dede"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 08 Jun 2024 15:40:06 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/032305252018000/v0/ Frame 70C5 40 KB
13 KB 279ms
145ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 06 Jun 2023 22:17:30 GMT
age: 596995
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12956
x-xss-protection: 0
server: sffe
etag: "bd37dd4c3b7b688b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 05 Jun 2024 22:17:30 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 70C5 6 KB
1 KB 139ms
51ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 13 Jun 2023 20:07:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 13 Jun 2023 18:40:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 13 Jun 2023 20:07:25 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/032305252018000/ Frame E002 222 KB
60 KB 239ms
111ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

026ea7ee6b3f89ff44678e36a04f461d8a50979812a390537845226ab48cd1b2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 10 Jun 2023 05:57:52 GMT
age: 310173
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61823
x-xss-protection: 0
server: sffe
etag: "83381e4039281ff8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Jun 2024 05:57:52 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/032305252018000/v0/ Frame E002 15 KB
5 KB 149ms
149ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 09 Jun 2023 19:25:37 GMT
age: 348108
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5238
x-xss-protection: 0
server: sffe
etag: "6efdfbd3c81d03c9"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 08 Jun 2024 19:25:37 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/032305252018000/v0/ Frame E002 94 KB
28 KB 150ms
149ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 10 Jun 2023 13:02:15 GMT
age: 284710
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28864
x-xss-protection: 0
server: sffe
etag: "51fe97ef57b83921"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Jun 2024 13:02:15 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/032305252018000/v0/ Frame E002 5 KB
2 KB 158ms
157ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 09 Jun 2023 15:40:06 GMT
age: 361639
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1896
x-xss-protection: 0
server: sffe
etag: "9635e780e0a5dede"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 08 Jun 2024 15:40:06 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/032305252018000/v0/ Frame E002 40 KB
13 KB 159ms
158ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/032305252018000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 06 Jun 2023 22:17:30 GMT
age: 596995
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12956
x-xss-protection: 0
server: sffe
etag: "bd37dd4c3b7b688b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 05 Jun 2024 22:17:30 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame E002 14 KB
1 KB 141ms
60ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306070101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 13 Jun 2023 20:07:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 13 Jun 2023 19:48:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 13 Jun 2023 20:07:25 GMT

GET
H2 200 container.html Show response
2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0127 6 KB
3 KB 42ms
41ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 20:07:23 GMT
expires: Wed, 12 Jun 2024 20:07:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 70C5 2 KB
2 KB 41ms
40ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 22:44:13 GMT
x-content-type-options: nosniff
server: cafe
age: 76992
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Tue, 13 Jun 2023 22:44:13 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 70C5 295 B
319 B 42ms
40ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 10:36:44 GMT
x-content-type-options: nosniff
server: cafe
age: 34241
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 14 Jun 2023 10:36:44 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 70C5 0
0 50ms
48ms Image
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS4BKE4O4MOI1BXW8Pn28jkTc0nHoVZ7Eq0gKivTnGPioIiZRdtT9ebnGAzEgNas39SHTYI-TlWWdQ5EzvTO34MpaTZgQ
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 70C5 0
0 88ms
86ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cc48le8yIZKWHIIjY3gP7laeIBtfA9oFx4fHipuEQ2tkeEAEgp_24mgFgldqNgpgHoAH4zq3WA8gBCakCpOQf3nIgsj7gAgCoAwHIAwqqBLACT9BI6Hu8v2734C8VUUIBSyN3_ddVBwUqDB2dSsZukefAL8KBEQwrL54xye_GYBt4fJoVVoAt8BCN63znp2qaL5GkF9Z7FRcQ3UXqmVQBjSjiDHhvaZxwaaEbhbn54hGajaYqMn4_287hpDWHxZ_Qp6xkoY6myJT6mBT0v3F5CDKEjwnoMp-MZGXZFI2w-h_fzd9r-gCtF1GMisgu7wxvjlDMXjLTfkN75yhA4KSvHj4XZZvBFhNezVZh8inBpGPnOJvmObyEVTFerURuPZACumV-jGSrXM3h61MES_mGLQElrRbcTOgkI_Mjtd14IkIt4HArBR9HVJSYFSVE9aZHVf0oNfR0_Rw7H5K29f3gU47X7Lh8mMeYyduMM8Su9ElEaH3SXOaCBt8WUUU3TkbZT8AE_8OfkZwE4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_Cw0imoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCChAjSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDyAsBuBPkA9gTDYgUAdAVAZgWAYAXAbIXHwodCAASFHB1Yi00NjI4NTMzMTA3MjMwNDU5GOPZkAE&sigh=NBGeq-88aZs&uach_m=[UACH]&cid=CAQSOwBygQiDze2KadRcS9r9TyqazlEaoRS3Aig6DQwhb9ApUlteV-2zu30_l1i8SBdrHbDCg1pdQBwkTSqDGAE&template_id=484
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E002 2 KB
2 KB 41ms
40ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Mon, 12 Jun 2023 22:44:13 GMT
x-content-type-options: nosniff
server: cafe
age: 76992
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Tue, 13 Jun 2023 22:44:13 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame E002 295 B
319 B 42ms
40ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 10:36:44 GMT
x-content-type-options: nosniff
server: cafe
age: 34241
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Wed, 14 Jun 2023 10:36:44 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E002 0
0 50ms
48ms Image
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQjuvJ0kPAcqQsMoJyUvF7DrRFQOYOrbbDcodh21cu0HcQGePuDzYhCapZ1Cfq8DiEwkf89g57i40n6UH3M9pRF10hKmw
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame E002 0
0 88ms
85ms Image
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C49V2e8yIZKaHIIjY3gP7laeIBtfA9oFxgfPipuEQ2tkeEAEgp_24mgFgldqNgpgHoAH4zq3WA8gBCakCpOQf3nIgsj7gAgCoAwHIAwqqBLACT9Czm3Lbcjz2lg4KqAz5YzgMVbjGeHZCYkbAnNO086QE8q8FN9bQ4IsKRV8g0UUWnL-R821do6fwsG6bcmzZdSxEnraWCug_kTVO1XCNco0KSKHuvmprx7kFmmmeQ630p4ZNIw9ks6-pq3a26jeFB2cAxtU1zAW9wkwjYu_ywSJcerE9LEizTv8oVmLduYZaud_SJ1DlY8qwD6fgcY3ABFGOLxCLVmFPETyND8ognWg3JPUGjVZdqwd2GzOMekkx7JFOe93sWTmxOV_tSb10_skvyXN4HYOWCoISfquxEqz7sP5KIA4UA-XNc5uWiICxK9u4i9KAd8EsIKt6ZVAzrovxt2epYqaz5zSuoqv2AOuV3nOuHpBfQR-cpqJ3Cthd1-AMG3t3PE93-yr2jcKHtMAE_8OfkZwE4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_Cw0imoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBCA1gfSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDyAsB2BMNiBQB0BUBmBYBgBcBshcfCh0IABIUcHViLTQ2Mjg1MzMxMDcyMzA0NTkY49mQAQ&sigh=6xV3dkT77RY&uach_m=[UACH]&cid=CAQSOwBygQiDze2KadRcS9r9TyqazlEaoRS3Aig6DQwhb9ApUlteV-2zu30_l1i8SBdrHbDCg1pdQBwkTSqDGAE&template_id=5000
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

POST
H2 200 / Show response
api.assertcom.de/ 14 B
334 B 144ms
64ms XHR
text/plain 94.130.203.123
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://api.assertcom.de/
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.203.123 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.123.203.130.94.clients.your-server.de
Software: nginx /
Resource Hash: 7051801ff4268663af6c793fc30c889d6746a7a96d2611fa054d4a0baa950d88

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:25 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
access-control-allow-origin: https://heroinvesting.com
cache-control: no-store, no-cache, private, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding
content-length: 14
expires: Thu, 01 Jan 1980 00:00:01 GMT

POST
H2 200 / Show response
api.assertcom.de/ 14 B
333 B 183ms
109ms XHR
text/plain 94.130.203.123
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://api.assertcom.de/
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.203.123 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.123.203.130.94.clients.your-server.de
Software: nginx /
Resource Hash: b662940096002cc28c8486f1b5d1c21e15dd63bf479fabd6a8d961de03a3241b

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:25 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
access-control-allow-origin: https://heroinvesting.com
cache-control: no-store, no-cache, private, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding
content-length: 14
expires: Thu, 01 Jan 1980 00:00:01 GMT

POST
H2 200 / Show response
api.assertcom.de/ 14 B
333 B 180ms
108ms XHR
text/plain 94.130.203.123
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://api.assertcom.de/
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 94.130.203.123 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.123.203.130.94.clients.your-server.de
Software: nginx /
Resource Hash: 942d0082516df4f4dbf3e9fc13c61d35db8041ba2f96ca5f880604adb49a5a40

Request headers

Referer: https://heroinvesting.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 13 Jun 2023 20:07:25 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/plain
access-control-allow-origin: https://heroinvesting.com
cache-control: no-store, no-cache, private, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding
content-length: 14
expires: Thu, 01 Jan 1980 00:00:01 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/6499300112789750144/ Frame 70C5 15 KB
16 KB 41ms
41ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6499300112789750144/14763004658117789537?w=400&h=209

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13199916a0797ed4d53d536cd8a53379e574c5fe74b4bf44a7b87bb97216bb4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Wed, 07 Jun 2023 07:20:57 GMT
x-content-type-options: nosniff
age: 564388
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15862
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 14:45:31 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 06 Jun 2024 07:20:57 GMT

GET
DATA 200
OK truncated
/ Frame 70C5 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 70C5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a5e48bde53f3dd060db6471cbc9193671f969ee3cf71a76b6285a40cbbda6f03

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/17976527360740707765/ Frame E002 22 KB
22 KB 49ms
49ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17976527360740707765/14763004658117789537?w=400&h=209

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

41785335bcbef23c043351e489dca6e457472c706b9de78d401c2ce1ea2e2db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 07:53:59 GMT
x-content-type-options: nosniff
age: 303206
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22249
x-xss-protection: 0
last-modified: Tue, 28 Jun 2022 00:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 09 Jun 2024 07:53:59 GMT

GET
DATA 200
OK truncated
/ Frame E002 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E002 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3e4aff932cafd42e55b1af0534929b42c42cce514e67029b00d55992cd96f5fa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame E002 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a736a20f83797d0b47b2199a32432a48c93968e707716a6e4ef739047d803dac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/ Frame 37C5 131 KB
26 KB 41ms
41ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html

Requested by

Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbe3c51e98db301a93d9940ccafdb4fb69dc61b18d1199a22c7418278ea6a422

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 254104
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 26183
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sat, 10 Jun 2023 21:32:21 GMT
expires: Sun, 09 Jun 2024 21:32:21 GMT
last-modified: Sat, 26 Nov 2022 20:54:45 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0127 0
0 85ms
84ms Fetch
text/html 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cz35Ze8yIZK2HIIjY3gP7laeIBqn1gI9t19GYzZcR19aivcABEAEgp_24mgFgldqNgpgHoAHM5e76KMgBCeACAKgDAcgDSKoEsQJP0JKmxJjgEhVGI3YDf9iRy2oRBxz9ON3OANLopzr3KQ05YrAicVTVw99Lm9chtvSNmGe3dSz0kK3pNx9kx0SztkJJU-mzvun8tuF84mu1DF4x2TmyBjqh2N9x3nqCIr-RyvAOeUJM-yG3cQ58Q0h22ZzXbsBRExyJYjn7sT7W2oOcr36kl1_rssJ-fLDl_SEeBX_rWh3N7DcgKBG90xzNRDoRlBM6g5hdDQPKOtIt8sH81E1c_I9uN4AUBppSgJ66GPFTiDhXHQDkpPpSLMXG3Vp3837QwIO_Z_6vISYCYtqDynJwAUOZGC5oBoD-OvVDTA5EERkusYeAlmfIXVhqRjt6JP9LBdADzVdIWDLXtTSigUlHbmhlR4DYSq9zYMjA3nUvwbnDRJnJ2ilAEkwDbcAE7quX_YkE4AQBkgUECAQYAZIFBAgFGASgBi6AB8ydv9oDqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgHpr4b2AcA8gcEEJqLBtIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgPICwHYEwLQFQGAFwGyFx8KHQgAEhRwdWItNDYyODUzMzEwNzIzMDQ1ORjj2ZAB&sigh=9868JQ2ihyc&uach_m=[UACH]&cid=CAQSOwBygQiDze2KadRcS9r9TyqazlEaoRS3Aig6DQwhb9ApUlteV-2zu30_l1i8SBdrHbDCg1pdQBwkTSqDGAE&template_id=531
Requested by: Host: heroinvesting.com
URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230608/r20110914/ Frame 0127 22 KB
9 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230608/r20110914/abg_lite_fy2021.js

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

499535f3eac5c43e736542cc65f763d3694486966ac359b6aa03416cb4f66b9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 17:12:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10525
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8791
x-xss-protection: 0
server: cafe
etag: 1771513136926955597
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Jun 2023 17:12:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DC30 143 B
166 B 42ms
41ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 932
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 19:51:53 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230608/r20110914/client/ Frame 0127 3 KB
1 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230608/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 17:12:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10525
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Jun 2023 17:12:00 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230608/r20110914/client/ Frame 0127 19 KB
8 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230608/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6a668741aaae51af53932f5546ed0ba37f4c96c432e47497fa57a020232e332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 19:27:04 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2421
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7977
x-xss-protection: 0
server: cafe
etag: 11528802260939709675
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 27 Jun 2023 19:27:04 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 37C5 402 B
386 B 50ms
50ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Fredoka+One:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca76180c2133d7d13de82a1b213bb4d0d1556d2cfd8c5fea78032f3724ec951f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 13 Jun 2023 20:07:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 13 Jun 2023 19:44:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 13 Jun 2023 20:07:25 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame DC30
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

53ms
52ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 20:07:25 GMT
expires: Tue, 13 Jun 2023 20:07:25 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 13 Jun 2023 20:07:25 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 37C5 16 KB
6 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 17:08:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10738
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5660
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 14 Jun 2023 17:08:27 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 37C5 34 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 01:47:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 65980
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 14 Jun 2023 01:47:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 70C5 15 KB
16 KB 138ms
41ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heroinvesting.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 270190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 17:04:15 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 70C5 15 KB
15 KB 180ms
84ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heroinvesting.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 15:24:53 GMT
x-content-type-options: nosniff
age: 276152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 09 Jun 2024 15:24:53 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame E002 33 KB
33 KB 190ms
98ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://heroinvesting.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 19:09:17 GMT
x-content-type-options: nosniff
age: 3488
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Jun 2024 19:09:17 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0127 0
0 48ms
47ms Image
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRFncRLp2p-RmHyvnNyzuQH0c_ZwQyPx7OLhc5i5VcPXVKva_NNuzQSVRNV09uBwKeQ3e9PjBvpGaEQPdFXHBw0090qGQ
Requested by: Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0127 176 KB
55 KB 156ms
53ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b1e1bef92ba957c4648c2118de4eece20ffb8e58eedbb33bce5c2227b46e9ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56133
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1686570138914868"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Jun 2023 20:07:25 GMT

GET
DATA 200
OK truncated
/ Frame 0127 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9443d70fe546cb87be64dfd174b95a6f68865d453a8e169cbcd631887395b958

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2
fonts.gstatic.com/s/fredokaone/v14/ Frame 37C5 15 KB
15 KB 90ms
50ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/fredokaone/v14/k3kUo8kEI-tA1RRcTZGmTlHGCac.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Fredoka+One:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9986c62b19bce3791c4c103a4aa87c91d22d9e1c9f252f7f802ea26d3405769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 06 Jun 2023 21:31:32 GMT
x-content-type-options: nosniff
age: 599753
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15596
x-xss-protection: 0
last-modified: Mon, 20 Mar 2023 20:35:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Jun 2024 21:31:32 GMT

GET
H3 200 TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 37C5 37 KB
14 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TH3Zs8Ev3pHjJfWkL7wPbYNWbVKLYksLSDPKh6nMP2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 14:44:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 278565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14492
x-xss-protection: 0
last-modified: Mon, 05 Jun 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 09 Jun 2024 14:44:40 GMT

GET
H3 200 NavWide.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/ Frame 37C5 7 KB
7 KB 41ms
40ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17965573926975204268/NavWide.png

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d329fb2b9b520ad0aa430738d96527ba6b477cbb14fcb51cb057838d845628ca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Fri, 09 Jun 2023 15:23:25 GMT
x-content-type-options: nosniff
age: 362640
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7287
x-xss-protection: 0
last-modified: Sat, 26 Nov 2022 20:54:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 08 Jun 2024 15:23:25 GMT

GET
DATA 200
OK truncated
/ Frame 37C5 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 3318239216638957234
tpc.googlesyndication.com/gpa_images/simgad/ Frame 37C5 184 KB
184 KB 43ms
42ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/3318239216638957234

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae5c2325335433e6d30876938ba2932f1b812203b4b10d538d255777228016b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 11:49:29 GMT
x-content-type-options: nosniff
age: 289076
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187935
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 01:48:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 09 Jun 2024 11:49:29 GMT

GET
H3 200 16441653920360610615
tpc.googlesyndication.com/gpa_images/simgad/ Frame 37C5 205 KB
205 KB 61ms
60ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/16441653920360610615

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc2431f89e07974e884af086ee2d4de65158d7726dc285f39b3a62abab789488

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 08:34:14 GMT
x-content-type-options: nosniff
age: 214391
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 210196
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 01:48:16 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 10 Jun 2024 08:34:14 GMT

GET
H3 200 11895055512316614631
tpc.googlesyndication.com/gpa_images/simgad/ Frame 37C5 47 KB
48 KB 50ms
49ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/11895055512316614631

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ceefe2f365ef34dd9ef27eef995cfd8f68ff3d7f82cf0d7291f1c09ab5227982

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 23:23:25 GMT
x-content-type-options: nosniff
age: 247440
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48629
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 01:48:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 09 Jun 2024 23:23:25 GMT

GET
H3 200 16499432703027231652
tpc.googlesyndication.com/gpa_images/simgad/ Frame 37C5 137 KB
137 KB 55ms
54ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/16499432703027231652

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

faba41e31035aa55989de27bd4a0d8ae0885e7844d508cc6ec1325777bbd7eab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sun, 11 Jun 2023 02:33:14 GMT
x-content-type-options: nosniff
age: 236051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140421
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 01:48:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 10 Jun 2024 02:33:14 GMT

GET
H3 200 15774726257001948654
tpc.googlesyndication.com/gpa_images/simgad/ Frame 37C5 32 KB
32 KB 66ms
65ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/15774726257001948654

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9dcfbf371ddb72c5998e8d32c94e1ece1d20f4d0125e8f6f31383ff4d223728

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 16:17:38 GMT
x-content-type-options: nosniff
age: 272987
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33164
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 01:47:58 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 09 Jun 2024 16:17:38 GMT

GET
H3 200 15891931312044919288
tpc.googlesyndication.com/gpa_images/simgad/ Frame 37C5 67 KB
67 KB 84ms
83ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/gpa_images/simgad/15891931312044919288

Requested by

Host: 2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3dec9d4c6bb427271d3e78efae0d76582189c36f6c3d0e42d05f10a9ff67ec01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Sat, 10 Jun 2023 19:14:29 GMT
x-content-type-options: nosniff
age: 262376
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68477
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 01:48:02 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 09 Jun 2024 19:14:29 GMT

GET envelope
lexicon.33across.com/v1/ 0
0

GET
H2 204 isyn
prebid.a-mo.net/ Frame 864B 0
0 123ms
122ms Document
text/plain 147.28.129.37
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0, private, must-revalidate
date: Tue, 13 Jun 2023 20:07:25 GMT
server: envoy
vary: Accept-Encoding
x-envoy-upstream-service-time: 0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame E8A5 281 B
554 B 132ms
41ms Document
text/html 23.212.211.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.211.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-212-211-47.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 13 Jun 2023 20:07:26 GMT
ETag: "403b9-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 24DD 0
0 415ms
133ms Document
text/plain 67.202.105.24
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dUOeOqXmSr7AmkrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.24 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip24.67-202-105.static.steadfastdns.net
Software: 33XP003 /
Resource Hash

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

date: Tue, 13 Jun 2023 20:07:26 GMT
server: 33XP003
x-33x-status: 2000208

GET
H2 200 sync Show response
eb2.3lift.com/ Frame FD6C 37 B
140 B 119ms
40ms Document
image/gif 76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif
date: Tue, 13 Jun 2023 20:07:26 GMT

GET
H2 200 / Show response
sync.kueezrtb.com/api/sync/iframe/ Frame 412A 109 B
422 B 416ms
144ms Document
text/html 146.190.64.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.kueezrtb.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 146.190.64.207 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: GET, HEAD, OPTIONS, POST
access-control-allow-origin: *
content-length: 109
content-type: text/html
date: Tue, 13 Jun 2023 20:07:26 GMT
p3p: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"

GET
H2 200 / Show response
sync.cootlogix.com/api/sync/iframe/ Frame F6A3 109 B
422 B 369ms
117ms Document
text/html 146.190.64.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 146.190.64.207 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: /
Resource Hash: a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: GET, HEAD, OPTIONS, POST
access-control-allow-origin: *
content-length: 109
content-type: text/html
date: Tue, 13 Jun 2023 20:07:26 GMT
p3p: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 21CF 23 KB
8 KB 406ms
315ms Document
text/html 23.218.208.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUK6VG18&prvid=2012%2C2034%2C2033%2C2055%2C2031%2C2030%2C3020%2C251%2C175%2C450%2C2009%2C178%2C233%2C2028%2C3018%2C2027%2C3017%2C214%2C236%2C237%2C117%2C459%2C70%2C97%2C55%2C99%2C77%2C38%2C2022%2C3012%2C3010%2C141%2C262%2C461%2C222%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C9&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.208.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-208-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

1af4d6d38e2fb4ebd6a1f87912ab4e1116ad18e92a9ed39edbc8ad0250d2f35a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8353
content-type: text/html; charset=UTF-8
date: Tue, 13 Jun 2023 20:07:26 GMT
expires: Thu, 15 Jun 2023 20:07:26 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame 1A6B 3 KB
2 KB 149ms
50ms Document
text/html 104.18.10.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=8ibxdNNjiBjRtkdpS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.10.47 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://heroinvesting.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 623
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 7d6cf5b7096c1db3-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 13 Jun 2023 20:07:26 GMT
expires: Wed, 14 Jun 2023 00:07:26 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare
vary: Accept-Encoding

GET
H2 403 match
c1.adform.net/serving/cookie/ 0
454 B 148ms
39ms Image
text/plain 37.157.6.237
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c1.adform.net/serving/cookie/match?party=1294&gdpr=1&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.237 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 200 9.gif
id5-sync.com/s/441/ 43 B
1 KB 126ms
45ms Image
image/gif 162.19.138.116
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/441/9.gif?puid=&gdpr=1&gdpr_consent=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.116 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533567.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 13 Jun 2023 20:07:25 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

GET
H2 200 cookiesync
bttrack.com/pixel/ 35 B
163 B 386ms
140ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bttrack.com/pixel/cookiesync?source=d0afdff5-c51e-4a8d-b07b-b52a29015170&secure=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),

Reverse DNS

NET-33-132-192.46.bidtellect.com

Software

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-servername: Track002-iad
pragma: no-cache
date: Tue, 13 Jun 2023 20:06:40 GMT
strict-transport-security: max-age=31536000;
content-type: image/gif
cache-control: private,no-cache
content-length: 35
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
265 B 173ms
55ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 13 Jun 2023 20:07:26 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

sync
x.bidswitch.net/
Redirect Chain

https://x.bidswitch.net/sync?ssp=themediagrid
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid
https://p.rfihub.com/cm?in=1&pub=20513&ssp=themediagrid&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=119&user_id=5133329526150655795&expires=30&ssp=themediagrid

43 B
145 B

42ms
42ms

Image
image/gif

3.124.103.237
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=119&user_id=5133329526150655795&expires=30&ssp=themediagrid
Protocol: H2
Server: 3.124.103.237 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-103-237.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:26 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

Location: https://x.bidswitch.net/sync?dsp_id=119&user_id=5133329526150655795&expires=30&ssp=themediagrid
Date: Tue, 13 Jun 2023 20:07:26 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK img
pixel.mathtag.com/sync/ 43 B
418 B 229ms
132ms Image
image/gif 23.218.208.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/sync/img?mt_exid=83&gdpr=1&gdpr_consent=&mt_exuid=049c2636-4882-40e1-8ff7-2fcbcfe22f8d&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DsxJxpx7oBnWwaatGE8NyMg2D%26source_user_id%3D%5BMM_UUID%5D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.209 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-209.deploy.static.akamaitechnologies.com
Software: MT3 1031 59fd23a master cdg cdg-pixel-x31 config_version:"3043" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heroinvesting.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Tue, 13 Jun 2023 20:07:26 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x31 config_version:"3043"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Tue, 13 Jun 2023 20:07:25 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame E8A5 34 KB
10 KB 74ms
74ms Script
text/html 23.212.211.47
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.211.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-212-211-47.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 437c8fc0089c5e766674d2353c4478f57b3da9581dd87968e384ef09afc78706

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date: Tue, 13 Jun 2023 20:07:26 GMT
Content-Encoding: gzip
Last-Modified: Tue, 13 Jun 2023 00:06:58 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=14431
Connection: keep-alive
Content-Length: 10113
Expires: Wed, 14 Jun 2023 00:07:57 GMT

GET
H/1.1

200
OK

usermatch Show response
ssum-sec.casalemedia.com/ Frame C0E1
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

42ms
42ms

Document
text/html

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: ca2c4904f4bff10aefcccff89ba3f18e0f861bc21d1cf410e4641348579bd2a7

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 1923
Content-Type: text/html
Date: Tue, 13 Jun 2023 20:07:26 GMT
Expires: 0
Keep-Alive: timeout=1, max=499
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache

Redirect headers

Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 0
Date: Tue, 13 Jun 2023 20:07:26 GMT
Expires: 0
Keep-Alive: timeout=1, max=500
Location: /usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma: no-cache
Server: Apache

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame E8A5
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=ZC962WpHSeSE4luPNc_cHg&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=ZC962WpHSeSE4luPNc_cHg

43 B
479 B

59ms
59ms

Image
image/gif

52.94.223.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=ZC962WpHSeSE4luPNc_cHg

Protocol

HTTP/1.1

Server

52.94.223.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:27 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: D8X0KMK26B4D1QS7XK9X
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=ZC962WpHSeSE4luPNc_cHg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame E8A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEH634KihNapE7nvEkvgEsqs&google_cver=1

0
239 B

190ms
42ms

Image
image/gif

69.173.144.138

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEH634KihNapE7nvEkvgEsqs&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.138 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEH634KihNapE7nvEkvgEsqs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame E8A5
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=TMe5_PolR9a_duR3Spr5nA&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=TMe5_PolR9a_duR3Spr5nA

43 B
479 B

123ms
123ms

Image
image/gif

52.46.128.147

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=TMe5_PolR9a_duR3Spr5nA

Protocol

HTTP/1.1

Server

52.46.128.147 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:27 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: TQT8Q0N2D9WA6HJQPQYT
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=TMe5_PolR9a_duR3Spr5nA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame E8A5
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/byeMx9Dpie1m5_1efoXe7w?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-tw3qYJJE2oIaKqAC4m6ktdGKI2wljvRivl3ebg--~A

0
239 B

48ms
42ms

Image
image/gif

69.173.144.138

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-tw3qYJJE2oIaKqAC4m6ktdGKI2wljvRivl3ebg--~A
Protocol: HTTP/1.1
Server: 69.173.144.138 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Tue, 13 Jun 2023 20:07:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-tw3qYJJE2oIaKqAC4m6ktdGKI2wljvRivl3ebg--~A
content-length: 0

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame E8A5 70 B
264 B 56ms
55ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 13 Jun 2023 20:07:26 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E8A5
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TElVUFNQMDMtNy05QVM3
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEHas1gaU7RUBDnRtn-3IGnI&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElVUFNQMDMtNy05QVM3&google_push=

170 B
188 B

54ms
53ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElVUFNQMDMtNy05QVM3&google_push=

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElVUFNQMDMtNy05QVM3&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
Expires: 0

GET
H2

200

setuid
px.ads.linkedin.com/ Frame E8A5
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIUPSP03-7-9AS7

0
651 B

592ms
227ms

Image
text/plain

2620:1ec:21::14

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIUPSP03-7-9AS7
Protocol: H2
Server: 2620:1ec:21::14 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:26 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: DEC685D2B56046A88E5F24020AE1F50B Ref B: DUS30EDGE0707 Ref C: 2023-06-13T20:07:27Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX+CGJkfxvqV2LXqDsomw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIUPSP03-7-9AS7
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E8A5
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YTc5MzY2NGI0YjJmNzgzMjc4NjU4NjE0YzY1OWMxYzI4OWFiZjU5MQ

170 B
188 B

51ms
50ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YTc5MzY2NGI0YjJmNzgzMjc4NjU4NjE0YzY1OWMxYzI4OWFiZjU5MQ

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:27 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YTc5MzY2NGI0YjJmNzgzMjc4NjU4NjE0YzY1OWMxYzI4OWFiZjU5MQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame C0E1
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gpp=&gpp_sid=
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gpp=&gpp_sid=&dcc=t

43 B
855 B

131ms
130ms

Image
image/gif

52.46.128.147

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gpp=&gpp_sid=&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.128.147 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:27 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: KJ6NY7DPBXF864TJWDQ6
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:27 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: ANMF81A2M49K73RNB2W8
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gpp=&gpp_sid=&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame C0E1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZIjMfiQvwm7dP-XNmowNqwAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELE0jwXKnEQQJ10G3kW0ifg&google_cver=1

43 B
632 B

72ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELE0jwXKnEQQJ10G3kW0ifg&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELE0jwXKnEQQJ10G3kW0ifg&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame C0E1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEJC72524Kms5akviSYZsEPI&google_cver=1

43 B
766 B

40ms
40ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEJC72524Kms5akviSYZsEPI&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:26 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 13 Jun 2023 20:07:26 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEJC72524Kms5akviSYZsEPI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame C0E1 70 B
264 B 56ms
55ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 13 Jun 2023 20:07:26 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame C0E1
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7120085832640865267

43 B
632 B

41ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7120085832640865267
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7120085832640865267
pragma: no-cache
date: Tue, 13 Jun 2023 20:07:26 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame C0E1
Redirect Chain

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=&verify=true
https://pr-bh.ybp.yahoo.com/sync/casale/ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB

43 B
601 B

59ms
59ms

Image
image/gif

2a05:d018:d29:3605:c83d:8690:f97d:d99a

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Server

2a05:d018:d29:3605:c83d:8690:f97d:d99a -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:27 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

Redirect headers

location: https://pr-bh.ybp.yahoo.com/sync/casale/ZIjMfiQvwm7dP_XNmowNqwAABK0AAAIB
date: Tue, 13 Jun 2023 20:07:27 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame C0E1
Redirect Chain

https://sync.adotmob.com/cookie/indexexchange?gdpr=&gdpr_consent=&r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7Bamob_user_id%7D%26expiration%3D%5BEXPIRATI...
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=

43 B
632 B

41ms
41ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&expiration=%5BEXPIRATION%5D&gdprConsent=
Date: Tue, 13 Jun 2023 20:07:27 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Powered-By: Express
Content-Length: 0
Vary: Origin

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame C0E1
Redirect Chain

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D46%26external_user_id%3D%24UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5396605702580989797

43 B
632 B

42ms
42ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5396605702580989797
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 13 Jun 2023 20:07:27 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Date: Tue, 13 Jun 2023 20:07:26 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.7.108; 80.255.7.108; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ce391d5b-014f-4b01-963b-136b1f17dcf7
Server: nginx/1.23.4
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=5396605702580989797
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame C0E1 43 B
352 B 146ms
46ms Image
image/gif 104.18.11.47
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?ZIjMfiQvwm7dP-XNmowNqwAA%261197
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fheroinvesting.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.11.47 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 20:07:26 GMT
cf-cache-status: HIT
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
age: 9020
etag: "902a3d-2b-546dc3a097100"
vary: Accept-Encoding
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7d6cf5b958908ffb-FRA
content-length: 43
expires: Wed, 14 Jun 2023 20:07:26 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: aax.amazon-adsystem.com
URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&pid=icKDuZiG4NkxE&cb=0&ws=1600x1200&v=23.605.2213&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_r1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22300x250%22%2C%22160x600%22%2C%22300x600%22%2C%22320x50%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_r1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_l__ayManagerEnv__1%22%2C%22s%22%3A%5B%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_l%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D

Domain: lexicon.33across.com
URL: https://lexicon.33across.com/v1/envelope?pid=0015a00003Ek3OWAAZ&gdpr=0&src=pbjs&ver=7.53.0-pre

Verdicts & Comments Add Verdict or Comment

236 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.heroinvesting.com/	1970-01-20 22:07:26	Name: _ga_PNTYD12RWN Value: GS1.1.1686686842.1.0.1686686842.0.0.0
.heroinvesting.com/	1970-01-20 22:07:26	Name: _ga Value: GA1.1.1716734272.1686686842
heroinvesting.com/	1970-01-20 13:14:38	Name: _pbjs_userid_consent_data Value: 3524755945110770
.heroinvesting.com/	1970-01-20 14:41:02	Name: _gcl_au Value: 1.1.368187764.1686686842
.heroinvesting.com/	1970-01-20 21:53:02	Name: __gads Value: ID=76c9cc1106cbc0c9-22f7a8307ce1000c:T=1686686842:RT=1686686842:S=ALNI_MbaNul_QKHBxYcs4jzsyAIVASVXfw
.heroinvesting.com/	1970-01-20 21:53:02	Name: __gpi Value: UID=00000c4e8e30f5f3:T=1686686842:RT=1686686842:S=ALNI_MYw_RtXIK9cQAGa-uDj0aONs8UWgA
.doubleclick.net/	1970-01-20 21:53:02	Name: IDE Value: AHWqTUlkx5buLJ3BSNoSJfcLg3ogkRn-Bwndbcpu6XBl0SsKVZOC5kh6DBlyVaCE
.go.sonobi.com/	1970-01-20 13:14:38	Name: __uis Value: 29951671-2b74-44ea-b907-4e3b6f064954
.go.sonobi.com/	1970-01-20 12:32:53	Name: _usd_heroinvesting.com Value: 91f2197d-251e-47f9-a40c-024a0bbac932
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB8G Value: s85167\|ZIjMf
.criteo.com/	1970-01-20 21:53:02	Name: uid Value: e5d8b180-0612-4eef-8064-d812afd0c388
.prebid.a-mo.net/	1970-01-20 21:17:02	Name: __amc Value: 1_1686686842_1686686842
.openx.net/	1970-01-20 21:17:02	Name: i Value: b69b4b02-566b-4751-91ea-7a7e482d1de7\|1686686842
.rubiconproject.com/	1970-01-20 21:17:02	Name: khaos Value: LIUPSP03-7-9AS7
.rubiconproject.com/	1970-01-20 21:17:02	Name: audit Value: 1\|hLZGFuTafB28jQLkSQYlGANb0fGVcfL/XWaA1sYWTLG+SmvwaNDOnsZr269+kN1Q8a8bGwP47VKMCL+3kiImJ+CAnekPgJibJBIOHeJzosLQD5U7tEfUTQ==
.gumgum.com/	1970-01-20 21:17:02	Name: cs Value: true
.gumgum.com/	1970-01-20 13:14:38	Name: loc Value: SfolTs1ZIlOnWsGgPSzMzYWpLB8DTaIvDGrwanjn1t_BakJLW77Q2DY15TFTB_TqNsP1OKo7eSA75EMvJd6Ea5wM6jyLlFy7
.heroinvesting.com/	1970-01-20 21:53:02	Name: cto_bundle Value: OnWB0F9veHliV21wT1k3cCUyRmVVcUNWTGlqeXFzJTJCTFpMMloxYkNrekRCQUFDTW44R0dJYyUyRjJMQ2JWUnp2bDZpRGtFQ05JdzRZbmd2eXduOHJ1ZTBHOXI1WTJWUkJDVU1STU9iY3NQUmZTdENJY2RrMUlWU3d1UHhJMkMlMkJIdXE2JTJGQ1NHWDRVd2RBdGFoQnZEZ1hQWmljeTc0WEpKUHVUZXZYTUR5SXRhWThVeU83Njl3JTNE
.doubleclick.net/	1970-01-20 12:31:30	Name: DSID Value: NO_DATA
.id5-sync.com/	1970-01-20 12:31:27	Name: cf Value:
.id5-sync.com/	1970-01-20 12:31:27	Name: cip Value:
.id5-sync.com/	1970-01-20 12:31:27	Name: cnac Value:
.id5-sync.com/	1970-01-20 12:31:27	Name: car Value:
.id5-sync.com/	1970-01-20 12:31:27	Name: gdpr Value:
.id5-sync.com/	1970-01-20 12:31:27	Name: callback Value:
.bidswitch.net/	1970-01-20 21:17:02	Name: tuuid Value: 0610493e-ee87-49a8-bdbb-8d03be68f04f
.bidswitch.net/	1970-01-20 21:17:02	Name: c Value: 1686686846
.bidswitch.net/	1970-01-20 21:17:02	Name: tuuid_lu Value: 1686686846
.casalemedia.com/	1970-01-20 21:17:02	Name: CMID Value: ZIjMfiQvwm7dP-XNmowNqwAA
.casalemedia.com/	1970-01-20 14:41:02	Name: CMPS Value: 1197
.casalemedia.com/	1970-01-20 14:41:02	Name: CMPRO Value: 1197
.rfihub.com/	1970-01-20 21:53:02	Name: eud Value: H4sIAAAAAAAA_1vFwmtoZmEGRBYmQMISAPZ96u0QAAAA
.rfihub.com/	1970-01-20 21:53:02	Name: rud Value: H4sIAAAAAAAA_-MSNjU0NjY2sjQ1MjM0NTAzNTW3NBXiM9QNScuN9Db1yTWpcM4EAC4iCVwlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0NjY2sjQ1MjM0NTAzNTW3NBXiM9QNScuN9Db1yTWpcM4EAC4iCVwlAAAA
.adnxs.com/	1970-01-20 14:41:02	Name: uuid2 Value: 5396605702580989797
.amazon-adsystem.com/	1970-01-20 17:22:19	Name: ad-id Value: A4OI62jntk_ht8zuBJu6rj8\|t

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/forest.min.js Message: Failed to load resource: the server responded with a status of 404 ()
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.
javascript	warning	URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js(Line 9) Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4980920491730550&output=html&adk=1812271804&adf=3025194257&lmt=1686686842&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1686686841833&bpp=3&bdt=371&idt=262&shv=r20230612&mjsv=m202306080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=8461998749246&frm=20&pv=2&ga_vid=1716734272.1686686842&ga_sid=1686686842&ga_hid=1618440501&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759842%2C44759926%2C42532280%2C42532278%2C31071755%2C31075259%2C44772268%2C44788442&oid=2&pvsid=197147639289706&tmod=89671707&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=292 Message: Failed to load resource: the server responded with a status of 403 ()
javascript	error	URL: https://heroinvesting.com/business/ridiculous-t-shirts-that-people-actually-wore-in-public/?utm_medium=cpc Message: Access to XMLHttpRequest at 'https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&pid=icKDuZiG4NkxE&cb=0&ws=1600x1200&v=23.605.2213&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_r1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22300x250%22%2C%22160x600%22%2C%22300x600%22%2C%22320x50%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_r1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_l__ayManagerEnv__1%22%2C%22s%22%3A%5B%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_l%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D' from origin 'https://heroinvesting.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fridiculous-t-shirts-that-people-actually-wore-in-public%2F%3Futm_medium%3Dcpc&pid=icKDuZiG4NkxE&cb=0&ws=1600x1200&v=23.605.2213&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_r1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22300x250%22%2C%22160x600%22%2C%22300x600%22%2C%22320x50%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_r1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_l__ayManagerEnv__1%22%2C%22s%22%3A%5B%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_l%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D Message: Failed to load resource: net::ERR_FAILED
security	warning	URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod(Line 6) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	warning	URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.0.0-hotfix.1-prod(Line 6) Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security	error	URL: https://2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/17965573926975204268/index.html".
network	error	URL: https://c1.adform.net/serving/cookie/match?party=1294&gdpr=1&gdpr_consent= Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2b77aef3b94ca9c9ea8d1e48701377e1.safeframe.googlesyndication.com
a.teads.tv
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
ad.turn.com
adgarden.market
adservice.google.com
ap.lijit.com
apex.go.sonobi.com
api.assertcom.de
bcp.crwdcntrl.net
btlr.sharethrough.com
bttrack.com
c.amazon-adsystem.com
c1.adform.net
cdn.ampproject.org
cdn.followsports.com
cdn.heroinvesting.com
cdn.id5-sync.com
cdn.indexww.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cm.g.doubleclick.net
contextual.media.net
cpm.catapultx.com
dsum-sec.casalemedia.com
eb2.3lift.com
esp.rtbhouse.com
eus.rubiconproject.com
exchange.kueezrtb.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
grid.bidswitch.net
gum.criteo.com
hb.minutemedia-prebid.com
hb.yellowblue.io
heroinvesting.com
htlb.casalemedia.com
id5-sync.com
invstatic101.creativecdn.com
js-sec.indexww.com
lexicon.33across.com
match.adsrvr.org
mp.4dex.io
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.mathtag.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prebid.cootlogix.com
prebid.media.net
prg.smartadserver.com
px.ads.linkedin.com
region1.google-analytics.com
s.amazon-adsystem.com
s.seedtag.com
scontent-fra3-1.xx.fbcdn.net
scontent-fra3-2.xx.fbcdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
static.criteo.net
static.kueezrtb.com
static.vidazoo.com
static.xx.fbcdn.net
sync.adotmob.com
sync.cootlogix.com
sync.kueezrtb.com
tags.crwdcntrl.net
targeting.unrulymedia.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
track.kueezrtb.com
u.kueezrtb.com
ups.analytics.yahoo.com
vrl9rgsahh7mx6ndn.ay.delivery
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
aax.amazon-adsystem.com
lexicon.33across.com
104.18.10.47
104.18.11.47
104.18.25.185
13.224.192.181
142.93.54.172
146.190.64.207
147.28.129.37
157.245.87.200
162.19.138.116
172.217.16.130
18.224.253.134
185.80.39.216
185.86.139.95
192.132.33.46
193.0.160.131
2001:4860:4802:34::36
216.52.2.30
23.212.211.47
23.218.208.209
23.218.208.23
23.218.209.56
2600:9000:223f:ca00:3:6d3c:dac0:93a1
2600:9000:2250:f600:a:e047:753:be1
2602:803:c004:200::140
2606:4700:10::6816:227b
2606:4700:10::6816:3556
2606:4700:3036::ac43:9447
2606:4700:4400::6812:2bda
2606:4700::6812:372
2606:4700:e2::ac40:8004
2620:1ec:21::14
2a00:1450:4001:806::2002
2a00:1450:4001:806::2003
2a00:1450:4001:808::2008
2a00:1450:4001:808::200a
2a00:1450:4001:80b::2002
2a00:1450:4001:80b::2004
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:813::2002
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2001
2a00:1450:4001:829::2001
2a02:2638:3::3
2a02:2638:d::d
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a04:4e42:400::485
2a05:d018:d29:3605:c83d:8690:f97d:d99a
2a06:98c1:3121::3
3.124.103.237
34.102.146.192
34.120.135.53
34.120.63.153
34.149.20.76
34.149.50.64
34.96.70.87
34.98.64.218
35.158.192.151
35.163.232.44
35.190.39.111
37.157.6.237
37.252.173.215
46.228.164.11
50.18.220.217
52.223.40.198
52.46.128.147
52.94.223.167
54.149.117.181
54.177.234.125
54.219.150.145
54.241.14.1
65.9.66.68
67.202.105.24
69.166.1.8
69.173.144.138
69.173.144.139
74.118.184.143
74.119.118.149
76.223.111.18
77.245.57.72
94.130.203.123
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00f9946c407d3ca1f7ba99f8e61d333d3c9ab7ca633c0d44dd4ea1079f3d6e36
026ea7ee6b3f89ff44678e36a04f461d8a50979812a390537845226ab48cd1b2
04937c00441e6ce29b3c94e9ed8af987c537cc1c1b3879daac6c45a94301e82c
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06cb3a9674e535fd66eb8498fd92dafdf0278e3bb82f5302ddb6a092b444e90d
06ff55e11ddf5e27c5be8316edbd2d026b457b6d398399959e0c2a675a65bf0b
088d6d00bae261943247c9ca2f7f683b39906e05242c15caa9893199f358418b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0caf169e93e0e6987ad792cc2a026fa069b3fa6c9d1e1c1e333432141fa3f2a9
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f16cb52e292b59fe0828854431a3b5ff0a172bd11e43e3e6eec0a63380a97cf
0fa29d443f4c5382f21c3db10adb850a58c71fdbd00fc2f1e46d552665056541
10ededd2c2833f29e37921e041dda9d59f3dc2ab992d00ae2d577763e478d8a0
13199916a0797ed4d53d536cd8a53379e574c5fe74b4bf44a7b87bb97216bb4d
17a161aa64f0377f02e397aa802dccb6a02e90daaf736ed86fe8eae4c79d9f3a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1aa80730e2733b6a9bb8592292909ca4a1b9e19c80e82ed49f6ef3d0de3536c9
1af4d6d38e2fb4ebd6a1f87912ab4e1116ad18e92a9ed39edbc8ad0250d2f35a
1b0b261411ab16f5e1f21c988a5bad7405f020d8cb55bb7f977e8f6d0f0cc0da
1db0840b5d0343d68b954a2f8fcfda1870e8ae77e31dd77a0f14fc679a04dca4
288d1aff6b40d91889a5f0efc906a5316d3f732641f32462f2ec4dd854f55981
2aeecc98f944c3f902958e47e7999963e1d7b8e981d42157349b6108ba533f51
2b5f1a61dac01463cc815eae26ba920e53e97e5f8a87bef18e49702f02f28df3
2cd8a0eb854b77f7500c80d39422e09a81ce26208dfc056f718195884104a293
2f54143ed26b74a0dc3937bbcc86a3d4a97c2e19803af199a381205fc1422e5b
30f9f1d908d362f057977962b15d079838b2fcbd05a2c3bc6990c9de48c877b8
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
33311bb16e421a08959c36257701332c14bbba1703cf220f09b1daef7673085a
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3970d64493daf2ddc2860fbaefdf2a9cd83c7ad22ca8c66b01164649deba787d
3989386a0a9d7fc59c23d83ea6faa41e4c0384efc942097719c532ecb8eec0bf
3aeea68c06cdec239e1ed43620be76c9d9bd73c61aa14c174c4d028f2790ffe3
3b89401fea631023de67ae75bf8f246b1af109a9a4247c3862016949eacc462b
3c3a2cb3ae1d3e9f5bb45433cc825e215891360b815a9dd065dfef7a8f7eb29f
3dec9d4c6bb427271d3e78efae0d76582189c36f6c3d0e42d05f10a9ff67ec01
3e4aff932cafd42e55b1af0534929b42c42cce514e67029b00d55992cd96f5fa
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41785335bcbef23c043351e489dca6e457472c706b9de78d401c2ce1ea2e2db0
420a6112471800c8bc15ecde1536fc38b374d3940e7ffa06ec5b63c2c1dac860
437c8fc0089c5e766674d2353c4478f57b3da9581dd87968e384ef09afc78706
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45352935afb3119009abbfa8ed5bf7b67fc4edf64e8b718a134975410823ace9
4679bfed42aadefbd62796efe47cc8ee0664baedf88fcff17b72473fe57967d5
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
499535f3eac5c43e736542cc65f763d3694486966ac359b6aa03416cb4f66b9e
4a06c1b303ec1451222d955862c3aec28433c05d3bb7f5c6aaba128c129b489e
4b1e1bef92ba957c4648c2118de4eece20ffb8e58eedbb33bce5c2227b46e9ee
4c7dd9b3c12fde91e325f5a42fbc0f6d83566d528b624b0b4833ca87a9cc3f64
520c11617ccee88cff885751187789d8f6e3ba46035410d1508948417dccb22b
535291b89d01e51c8366ca2268b580c203f70e106d5e0dddaaa2fc7d5b2235b1
5365420f50a9e1851a0f14142c17fe1b445a648dbcd69d8f90a025b7ab303df8
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a75d14402b77a707d71b0b3fd6b5a8203370d29e366d038f405ab49de3d385b
5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
60b4c8697c73df4d71743a99e6f78f0d9f62a2c8eea3bc1b59319adf52ba1348
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62bf7e57ebc12f7a61aa36a8e4b4b25c8412f2212f91ff6f9b77d393245eecb1
6400e6f9223a7f8e652dfb8a3f0398f3be1916687970b235f8a561555809c419
645709dcb09b2700fd5a5938dbdf783ac90a88334e5104041db53302441f33e4
64c2aa724071bfe85f679b4c5e32bc376403b8a99ce67b625383b05c97d41178
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
67ccf410763aa4c7054eeda902aea1c194afdd8aeef55de0d6f2ceda13c51d8a
68b1acda5b6f1cfe1757c68bb6c7d0098e51a62c0dd864d4e0b6045e74ba4ac9
6a0dcd87c40869427f0c1f10c486fa9eb227da63acfb99f07c2dd5f1d6d778c5
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6dd2f1dd1dd1508454e914b6091c70371c9377ad7788ec62f7a21b55936c6c00
6f03b2fc52b3f433532f30c4eaea9b35ac938838fbb27eea75463f6f4760b736
7051801ff4268663af6c793fc30c889d6746a7a96d2611fa054d4a0baa950d88
71571a0733ef74c7ca16f4ff98ccf562eb375b569d8d0c8fb66ac5bd4afd9165
72e16ad03de3c5b13f87d257cedf4d941b2dfdefc898113c5cf4cb8394af19e3
7a359b3ddbf44d6f749d2c10444374a11c65d60d78ba49dec6f1df58e9c17772
7a9344144d755ac52f3d8405003feb8eab3b79aebc78e330537ea10861d6f32e
7ba9a984dda000dd5e974f1936ace53dc6d6f74d624c8544641de5d138cc60eb
7ccce0134edea8d4379ea70a222ec79a249f5f27d751bbc9198a542d13e27967
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
839c424b188a9bdafd46e5b643a2c5afb4b7df5e51f0321ffafd5f23b118e259
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b
89f2bad5570d74d7039fc0d785492c19f08039210a9ef54482a1a71f4f39861f
8a24fa569e495d1548229c0f27bb95c3b25f0ac563050d123493944e21acd8e8
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
942d0082516df4f4dbf3e9fc13c61d35db8041ba2f96ca5f880604adb49a5a40
9443d70fe546cb87be64dfd174b95a6f68865d453a8e169cbcd631887395b958
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9e2ac756b7d18a0715d66cff4a48f4ba89882b3bcec6cd4fda5455387eaff84d
9e57fedb96b3686621bccd5521f43a2037a823c74f062176952890b179b3955b
9fd014910db1d586fc8c21ea010dfde011e4a21652d41bdebaeb18546927e335
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84
a1dbe64978c6dabc347382bdb8aca3e556b822618767e6ce2685fb9453da7a33
a28b55f41413d16c71a76b7af3ff9f707323bb3906096b85f7a581415aaeff55
a3afbad72ec090cf7b4552ebfb082c0b8457215f5b01b4ab26f8682764652f0e
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a530bb227389815a9479d21027750dd9c31bc10e2a19dea7592efb58ca7111fe
a5e48bde53f3dd060db6471cbc9193671f969ee3cf71a76b6285a40cbbda6f03
a695b8b12c7d88355d0b1b33d6c643a7913bcfbeae91553bd7560019188b1032
a6cb39f6864daf7181d55d50e2a47186648f67ea295109bf41b7d9ed0c6509b4
a736a20f83797d0b47b2199a32432a48c93968e707716a6e4ef739047d803dac
a7dcfd9f7eb387852ab256e080478cb9d1e3e1ae946042e604a806ea338833a3
a9b5d62445d48f75234b683670ffd3f95f5c7240decae3146a38f0d19abd76dc
aa8bd32342b76da9f3ee296fa3f2ef4a8945997a532de65a027cc4b20d5be89f
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac48c8215547ee0aaa58251664ed352658a46d5f0f5892009442780f96ea5267
ae5c2325335433e6d30876938ba2932f1b812203b4b10d538d255777228016b2
aff6c0c7412a3aae7c2ffa7a0d839ef3952ea15ebc914c9d639483096ea0be71
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b17f4c082b272213f4da075af5c73893db6c70f060c8441ff6e70f7251324ff9
b18845e599d1f1dd3e050bd0de36e794927c61b54be5c040b49c2e76847aaa66
b4a4a64679fc9709481ba33ab544b212ef552eba333f8c837e3ae59d9017836d
b5b7ee94252dddc67b4bbcec5a0a942aa7f2c34eb52e1090bbd428c0895a12af
b662940096002cc28c8486f1b5d1c21e15dd63bf479fabd6a8d961de03a3241b
b723fd8255304adbf4d241c102efb0627de03e364a41ddaa313d2d066e52deb3
ba5646ec538a9597364b4364fc0281c1c06ae33a37eb24d2c83c6231db636ce6
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bf40c9bfc195c4c2c37642c388d64d4853f063fc487256a7fe93749a4f204148
c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7
c1363ee1baaa832c6df0441916e077c03a1321dbab9a488949642478d35d2cdf
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c30802f571a2e288c969e6335d176c98b72f9488ef065dfbc3b1005ab05e7824
c4488a4c62daaa5db53e75de62822fdbc8232a42ff77c9d4531ca06643e3ce76
c4d1f1e05369560edc9ad67b6e6fa2b22897cf2719bc063b426f0f042965589b
c6df03d6bd1a8ca1ce49d6b92d5fd80d5c1358191040696703718ce2054b1b2b
c797db6fb7a82781e8ee27adb05da046181acab83890f71eb9c0a7013922d74b
ca2c4904f4bff10aefcccff89ba3f18e0f861bc21d1cf410e4641348579bd2a7
ca76180c2133d7d13de82a1b213bb4d0d1556d2cfd8c5fea78032f3724ec951f
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cc54137ac38858d677a50d0dd368b00154d7ae5db61d167fe99f7cea26139792
ce4e70543c73ae57c0a98b3eb2c4cd235af21b10623436091b427c76ffdd1d1b
ceefe2f365ef34dd9ef27eef995cfd8f68ff3d7f82cf0d7291f1c09ab5227982
d0f1f3492ce17c5f16bd1eda86609244a311e799cea08adc47b0218336c919eb
d2198153f7742d51489d9d7f907f73a79994d8aa7c6d27fed3004c3ed9461dfc
d329fb2b9b520ad0aa430738d96527ba6b477cbb14fcb51cb057838d845628ca
d3e219d4662d0cd3202c5240047ae0300298d9f2ae877bf558eca1a633b7cd32
d6f67420ea18265c9f0934ece3554335d7ab68e67abc277e6b8e0bb88ab8b8bf
d8d50e39586e7ea19e91c343d209275b01db51643898a13ccb8c10bc531c9585
d9ab796416d841bfa4b4c40b66177c1cf85c18c7b0734e3bf906bfdc997246a8
d9dcfbf371ddb72c5998e8d32c94e1ece1d20f4d0125e8f6f31383ff4d223728
dadf9dae832d6b64da4525ca6ca0fbfe0d11187374ecac1289156df3ae9242f0
e2d93b24584df8c25977bcea447ab18f21a5802bda10d2535e5a17c0a570752f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e668a2ce87ae56294e64224a7a119102ca3fa73725ccb3041c17e6ad1365e6ae
e708aefb4d99fef19220a1c3f01261141f52a2010f220210638a8b549170ea30
e81bb8c5aaf4325dc3e4d3f8b2a892578b48761d7898a15a0ac75b7999b578e5
e9986c62b19bce3791c4c103a4aa87c91d22d9e1c9f252f7f802ea26d3405769
eb7a209e3af2f5e7045a326f81414b39f02551eb158e859c190a7a84db7c4d5d
ec4158783b4a5ff6ebbaefa6bc4167d56e1958dcf2dbdc9ed63935df42bc9700
ee8fba6f98ab7e973c5e75d0705b6e6ac48fe5e5d1298b4938a691a278a770ea
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efa58e6c55e790f1c83deaa0e2b30bb1a075acc2ed6ec0f50f928c0d42dbc472
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6a668741aaae51af53932f5546ed0ba37f4c96c432e47497fa57a020232e332
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
faba41e31035aa55989de27bd4a0d8ae0885e7844d508cc6ec1325777bbd7eab
fb79805133aef4594b38ad90a4670b47db4f2a7cc8edd46c38abd4f40432f75b
fbe3c51e98db301a93d9940ccafdb4fb69dc61b18d1199a22c7418278ea6a422
fc2431f89e07974e884af086ee2d4de65158d7726dc285f39b3a62abab789488
fcb32e14293f387665aa17152d82480d6288b5834e3316f4aaf8295e9dc40ae4
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

heroinvesting.com Open in urlscan Pro 2606:4700:3036::ac43:9447 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

230 Requests

91 %HTTPS

40 %IPv6

62 Domains

94 Subdomains

81 IPs

7 Countries

5671 kBTransfer

10276 kBSize

36 Cookies

0 Outgoing links

Redirected requests

230 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

heroinvesting.com Open in urlscan Pro
2606:4700:3036::ac43:9447 Public Scan

Screenshot
Live screenshot

Full Image

230
Requests

91 %
HTTPS

40 %
IPv6

62
Domains

94
Subdomains

81
IPs

7
Countries

5671 kB
Transfer

10276 kB
Size

36
Cookies

230 HTTP transactions
6 data transactions