urlscan.io logo urlscan.io
SecurityTrails logo

buhgalter911.com Open in urlscan Pro
37.97.204.145  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://buhgalter911.com/
Effective URL: https://buhgalter911.com/
Submission Tags: tranco_l324
Submission: On November 27 via api from DE — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 147 IPs in 14 countries across 116 domains to perform 800 HTTP transactions. The main IP is 37.97.204.145, located in Zaandam, Netherlands and belongs to TRANSIP-AS Amsterdam, the Netherlands, NL. The main domain is buhgalter911.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 8th 2021. Valid for: a year.
This is the only time buhgalter911.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 29 37.97.204.145 20857 (TRANSIP-A...)
4 213.174.135.1 39572 (ADVANCEDH...)
10 2a00:1450:400... 15169 (GOOGLE)
17 89.187.169.47 60068 (CDN77 ^_^)
8 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
5 213.174.135.2 39572 (ADVANCEDH...)
15 142.250.186.98 15169 (GOOGLE)
8 2a0c:5c81:514... 55081 (24SHELLS)
13 2a00:1450:400... 15169 (GOOGLE)
1 142.250.186.162 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 95.170.82.90 20857 (TRANSIP-A...)
3 185.187.81.41 43332 (IDSTRATEG...)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 37.18.16.21 205675 (HYBRID-AS)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
22 2a00:1450:400... 15169 (GOOGLE)
2 13 2a00:1450:400... 15169 (GOOGLE)
1 2a02:6ea0:c70... 60068 (CDN77 ^_^)
3 16 2a02:6b8::1:119 208722 (YNDX)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 16 37.157.4.23 198622 (ADFORM)
3 12 216.52.2.48 30282 (AS-INAPCD...)
17 2602:803:c003... 26667 (RUBICONPR...)
11 185.64.189.112 62713 (AS-PUBMATIC)
15 178.250.0.165 44788 (ASN-CRITE...)
2 23 37.252.172.45 29990 (ASN-APPNEX)
2 9 23.111.200.117 7979 (SERVERS-COM)
1 185.184.8.65 204995 (RTB-HOUSE...)
3 34.98.64.218 15169 (GOOGLE)
1 135.125.163.79 16276 (OVH)
1 3 5.178.65.246 50673 (SERVERIUS-AS)
2 184.31.84.150 16625 (AKAMAI-AS)
2 52.86.134.216 14618 (AMAZON-AES)
1 2 80.239.201.24 1299 (TWELVE99 ...)
4 2a00:1450:400... 15169 (GOOGLE)
1 185.59.220.198 60068 (CDN77 ^_^)
14 2a00:1450:400... 15169 (GOOGLE)
9 2a02:2638::3 44788 (ASN-CRITE...)
29 143.204.98.95 16509 (AMAZON-02)
8 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
59 2a00:1450:400... 15169 (GOOGLE)
5 151.139.241.23 33438 (HIGHWINDS2)
8 2.18.233.180 16625 (AKAMAI-AS)
11 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 37.157.2.247 198622 (ADFORM)
1 5 37.252.172.36 29990 (ASN-APPNEX)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2.16.186.26 20940 (AKAMAI-ASN1)
6 2606:4700:20:... 13335 (CLOUDFLAR...)
1 6 2.19.35.65 16625 (AKAMAI-AS)
1 145.239.193.145 16276 (OVH)
2 54.38.64.100 16276 (OVH)
1 2 185.86.137.113 201081 (SMARTADSE...)
1 2a02:26f0:170... 20940 (AKAMAI-ASN1)
6 14 2a02:2638:1::13 44788 (ASN-CRITE...)
1 145.239.193.51 16276 (OVH)
1 5 51.89.9.254 16276 (OVH)
4 2606:4700:10:... 13335 (CLOUDFLAR...)
1 3 2620:116:800d... 16509 (AMAZON-02)
1 63.33.224.140 16509 (AMAZON-02)
1 143.204.101.224 16509 (AMAZON-02)
2 12 2.18.234.21 16625 (AKAMAI-AS)
1 4 51.195.5.40 16276 (OVH)
3 185.64.190.78 62713 (AS-PUBMATIC)
27 2a00:1450:400... 15169 (GOOGLE)
23 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 34.211.223.103 16509 (AMAZON-02)
1 199.187.193.140 47043 (SMARTADSE...)
5 2602:803:c003... 26667 (RUBICONPR...)
5 52.34.133.113 16509 (AMAZON-02)
2 5 15.197.193.217 16509 (AMAZON-02)
1 34.120.133.55 15169 (GOOGLE)
1 2600:9000:215... 16509 (AMAZON-02)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
5 138.201.65.66 24940 (HETZNER-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 99.80.191.196 16509 (AMAZON-02)
11 19 142.250.185.66 15169 (GOOGLE)
2 185.64.190.75 62713 (AS-PUBMATIC)
1 2a00:1450:400... 15169 (GOOGLE)
6 34.243.225.216 16509 (AMAZON-02)
8 178.250.2.146 44788 (ASN-CRITE...)
5 2602:803:c003... 26667 (RUBICONPR...)
14 104.109.78.125 16625 (AKAMAI-AS)
2 104.111.233.227 16625 (AKAMAI-AS)
1 72.251.249.13 29791 (VOXEL-DOT...)
1 2 34.210.167.181 16509 (AMAZON-02)
11 185.86.139.96 201081 (SMARTADSE...)
1 8 185.64.189.110 62713 (AS-PUBMATIC)
5 16 69.173.151.100 26667 (RUBICONPR...)
1 2 199.187.193.166 47043 (SMARTADSE...)
1 18.185.8.23 16509 (AMAZON-02)
1 54.228.184.1 16509 (AMAZON-02)
1 2606:4700:303... 13335 (CLOUDFLAR...)
3 4 37.157.5.142 198622 (ADFORM)
2 2 213.155.156.183 1299 (TWELVE99 ...)
1 1 178.250.0.163 44788 (ASN-CRITE...)
1 10 185.64.190.80 62713 (AS-PUBMATIC)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
4 5 151.101.194.49 54113 (FASTLY)
2 3 52.215.67.233 16509 (AMAZON-02)
1 1 23.88.75.189 24940 (HETZNER-AS)
1 1 87.98.128.108 16276 (OVH)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 72.251.241.204 29791 (VOXEL-DOT...)
1 195.5.165.20 44968 (IPROM-AS)
3 3 185.29.132.241 30419 (MEDIAMATH...)
2 185.64.190.81 62713 (AS-PUBMATIC)
1 2 159.122.14.34 36351 (SOFTLAYER)
1 3 2a05:d018:d29... 16509 (AMAZON-02)
2 2 3.126.56.137 16509 (AMAZON-02)
2 2 2001:678:cb4:... 56396 (AMOBEE)
1 3 2a02:fa8:8806... 41041 (VCLK-EU-SE)
2 2 66.155.71.150 13768 (COGECO-PEER1)
1 1 178.62.202.251 14061 (DIGITALOC...)
1 34.254.122.11 16509 (AMAZON-02)
9 2606:4700:303... 13335 (CLOUDFLAR...)
13 52.18.128.217 16509 (AMAZON-02)
1 2600:9000:215... 16509 (AMAZON-02)
2 185.170.61.66 27381 (CASALE-MEDIA)
1 35.244.174.68 15169 (GOOGLE)
2 34.95.69.49 15169 (GOOGLE)
1 52.30.98.117 ()
1 1 3.126.16.11 ()
2 2 18.185.182.242 ()
2 2 3.223.51.50 ()
2 74.125.133.157 ()
1 2600:9000:215... ()
8 104.244.36.20 ()
2 151.101.193.108 ()
8 37.252.172.250 ()
3 151.101.1.108 ()
11 2a00:1450:400... ()
2 172.217.18.98 ()
1 34.96.105.8 ()
1 1 35.190.0.66 ()
1 1 2600:9000:215... ()
1 5.178.65.245 ()
4 4 3.126.38.41 16509 (AMAZON-02)
2 2 193.232.150.45 ()
7 7 31.172.81.172 ()
1 151.236.118.210 ()
3 5 52.46.130.91 ()
1 52.86.185.173 ()
1 1 204.2.255.234 ()
1 1 193.0.160.128 ()
2 3 54.239.38.253 ()
1 143.204.98.128 ()
1 1 198.148.27.140 ()
1 34.98.67.61 ()
2 2 89.108.119.28 ()
1 31.172.81.158 ()
1 69.173.144.165 ()
1 2 2001:6d0:4001... ()
1 3 198.47.127.18 ()
2 2 34.139.145.185 ()
1 67.202.105.23 ()
1 2a02:6b8::90 ()
1 82.145.213.8 ()
800 147
29    37.97.204.145 (Zaandam, Netherlands)

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 37-97-204-145.colo.transip.net
buhgalter911.com
4    213.174.135.1 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
cdn.gravitec.net
10    2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
17    89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com
l.getsitecontrol.com
load.sumo.com
s2.getsitecontrol.com
8    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
5    213.174.135.2 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)
player.adtelligent.com
15    142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net
securepubads.g.doubleclick.net
8    2a0c:5c81:5142::2 (London, United Kingdom)

ASN55081 (24SHELLS, US)
ghb.adtelligent.com
ghb1.adtelligent.com
ghb2.adtelligent.com
13    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
1    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
www.googleadservices.com
2    2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
1    95.170.82.90 (Eindhoven, Netherlands)

ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
PTR: 95-170-82-90.colo.transip.net
analytics.factor.ua
3    185.187.81.41 (Kyiv, Ukraine)

ASN43332 (IDSTRATEGY-AS, UA)
s.zmctrack.net
loadercdn.net
4    2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:82a::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
1    37.18.16.21 (Russian Federation)

ASN205675 (HYBRID-AS, RU)
dm.hybrid.ai
1    2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
analytics.google.com
5    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.nl
22    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.nl
13    2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a02:6ea0:c700::4 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
id.gravitec.net
16    2a02:6b8::1:119 (Moscow, Russian Federation)

ASN208722 (YNDX, FI)
mc.yandex.ru
1    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.nl
4    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
4    2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
f6fe6038d3eda9a0336c2816093b1f02.safeframe.googlesyndication.com
f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
8c84d2f690d45933efdd30d66e71fa97.safeframe.googlesyndication.com
6    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.gstatic.com
2    2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
16    37.157.4.23 (Denmark)

ASN198622 (ADFORM, DK)
adx.adform.net
12    216.52.2.48 (United States)

ASN30282 (AS-INAPCDN-OCY, US)
ap.lijit.com
vap5ams1.lijit.com
17    2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
11    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
15    178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com
bidder.criteo.com
23    37.252.172.45 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com
9    23.111.200.117 (Russian Federation)

ASN7979 (SERVERS-COM, US)
ads.betweendigital.com
1    185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net
prebid-eu.creativecdn.com
3    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
adtelligent-d.openx.net
moneytizer-d.openx.net
u.openx.net
1    135.125.163.79 (France)

ASN16276 (OVH, FR)
PTR: ns3190286.ip-135-125-163.eu
rtb.adxpremium.services
3    5.178.65.246 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net
pbjs.e-planning.net
2    184.31.84.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com
htlb.casalemedia.com
2    52.86.134.216 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-134-216.compute-1.amazonaws.com
dash.getsitecontrol.com
2    80.239.201.24 (Sweden)

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 80-239-201-24.teliacarrier-cust.com
mc.webvisor.org
4    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    185.59.220.198 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: edge-723.bunnyinfra.net
media.getsitecontrol.com
14    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
9    2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
static.criteo.net
29    143.204.98.95 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-95.fra50.r.cloudfront.net
runwaff.com
8    2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
10    2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
cdn.ampproject.org
59    2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
5    151.139.241.23 (United States)

ASN33438 (HIGHWINDS2, US)
ads.themoneytizer.com
8    2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com
ads.pubmatic.com
aktrack.pubmatic.com
11    2a02:26f0:6c00::210:ba2a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
ads.projectagoraservices.com
1    37.157.2.247 (Denmark)

ASN198622 (ADFORM, DK)
s1.adform.net
5    37.252.172.36 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com
1    2606:4700:10::ac43:607 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.adtrue.com
1    2.16.186.26 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-26.deploy.static.akamaitechnologies.com
ced.sascdn.com
6    2606:4700:20::681a:b19 (United States)

ASN13335 (CLOUDFLARENET, US)
hb.adpone.com
6    2.19.35.65 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-35-65.deploy.static.akamaitechnologies.com
ads.rubiconproject.com
secure-assets.rubiconproject.com
1    145.239.193.145 (France)

ASN16276 (OVH, FR)
g.themoneytizer.net
2    54.38.64.100 (France)

ASN16276 (OVH, FR)
c.tmyzer.com
2    185.86.137.113 (France)

ASN201081 (SMARTADSERVER, FR)
ww1097.smartadserver.com
1    2a02:26f0:1700:f::1737:a1b0 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
ced-ns.sascdn.com
14    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
1    145.239.193.51 (France)

ASN16276 (OVH, FR)
tag.leadplace.fr
5    51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu
onetag-sys.com
4    2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
3    2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)
secure.quantserve.com
pixel.quantserve.com
1    63.33.224.140 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-224-140.eu-west-1.compute.amazonaws.com
p.cpx.to
1    143.204.101.224 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-224.fra50.r.cloudfront.net
d2zur9cc2gf1tx.cloudfront.net
12    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
js-sec.indexww.com
as-sec.casalemedia.com
dsum-sec.casalemedia.com
ssum-sec.casalemedia.com
dsum.casalemedia.com
4    51.195.5.40 (France)

ASN16276 (OVH, FR)
PTR: p17.id5-sync.com
id5-sync.com
3    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
27    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
23    2a02:26f0:6c00::210:ba1a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.projectagora-adtag-library.com
code.createjs.com
1    34.211.223.103 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-211-223-103.us-west-2.compute.amazonaws.com
exchange.adtrue.com
1    199.187.193.140 (Canada)

ASN47043 (SMARTADSERVER, CA)
www5.smartadserver.com
5    2602:803:c003:200::31 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
smarttag.rubiconproject.com
5    52.34.133.113 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-133-113.us-west-2.compute.amazonaws.com
sumo.com
5    15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com
api.rlcdn.com
1    2600:9000:2156:8e00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
2    2606:4700:20::ac43:4bf1 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
5    138.201.65.66 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.66.65.201.138.clients.your-server.de
ssp.otm-r.com
1    2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
1    99.80.191.196 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-191-196.eu-west-1.compute.amazonaws.com
ice.360yield.com
19    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
cm.g.doubleclick.net
2    185.64.190.75 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
sshowads.pubmatic.com
1    2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
6    34.243.225.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
s.cpx.to
8    178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
5    2602:803:c003:200::77 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
beacon-ams3.rubiconproject.com
14    104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
2    104.111.233.227 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-233-227.deploy.static.akamaitechnologies.com
pxdrop.lijit.com
1    72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
gslbeacon.lijit.com
2    34.210.167.181 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-210-167-181.us-west-2.compute.amazonaws.com
fw.adsafeprotected.com
11    185.86.139.96 (France)

ASN201081 (SMARTADSERVER, FR)
prg.smartadserver.com
8    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
16    69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
pixel.rubiconproject.com
2    199.187.193.166 (Canada)

ASN47043 (SMARTADSERVER, CA)
sync.smartadserver.com
1    18.185.8.23 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-8-23.eu-central-1.compute.amazonaws.com
pool.grid-data.bidswitch.net
1    54.228.184.1 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-184-1.eu-west-1.compute.amazonaws.com
adtrack.adleadevent.com
1    2606:4700:3038::6815:ead7 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn-adtrue.com
4    37.157.5.142 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
2    213.155.156.183 (Uppsala, Sweden)

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-183.teliacarrier-cust.com
d5p.de17a.com
1    178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
10    185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
1    85.114.159.93 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com
dsp.adfarm1.adition.com
5    151.101.194.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
3    52.215.67.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-67-233.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
1    23.88.75.189 (Gunzenhausen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.189.75.88.23.clients.your-server.de
csync.loopme.me
1    87.98.128.108 (France)

ASN16276 (OVH, FR)
PTR: ip108.ip-87-98-128.eu
green.erne.co
1    2606:4700:3039::6815:c06c (United States)

ASN13335 (CLOUDFLARENET, US)
ad4m.at
1    72.251.241.204 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
cm.adgrx.com
1    195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS, SI)
core.iprom.net
3    185.29.132.241 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
2    159.122.14.34 (United States)

ASN36351 (SOFTLAYER, US)
PTR: 22.0e.7a9f.ip4.static.sl-reverse.com
um.simpli.fi
3    2a05:d018:d29:3602:1ae5:2286:b535:86e4 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
2    3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
2    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
3    2a02:fa8:8806:16::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)
pubmatic-match.dotomi.com
casale-match.dotomi.com
rubicon-match.dotomi.com
2    66.155.71.150 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)
pixel-sync.sitescout.com
pixel-a.sitescout.com
1    178.62.202.251 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
match.adsby.bidtheatre.com
1    34.254.122.11 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
rtb.gumgum.com
9    2606:4700:3037::ac43:d405 (United States)

ASN13335 (CLOUDFLARENET, US)
projectagoralibs.com
13    52.18.128.217 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
projectagora-483829-hdb.adomik.com
1    2600:9000:2156:5a00:19:ba84:7f40:21 (United States)

ASN16509 (AMAZON-02, US)
d2849lw36e7cot.cloudfront.net
2    185.170.61.66 (Canada)

ASN27381 (CASALE-MEDIA, CA)
a3165.casalemedia.com
1    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
id.rlcdn.com
2    34.95.69.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.69.95.34.bc.googleusercontent.com
i.clean.gg
1    52.30.98.117 (None, )

ASN- ()
beacon.krxd.net
1    3.126.16.11 (None, )

ASN- ()
i.w55c.net
2    18.185.182.242 (None, )

ASN- ()
pm.w55c.net
2    3.223.51.50 (None, )

ASN- ()
sync.ipredictive.com
2    74.125.133.157 (None, )

ASN- ()
bid.g.doubleclick.net
1    2600:9000:2156:5e00:8:48e:53c0:93a1 (None, )

ASN- ()
static.adsafeprotected.com
8    104.244.36.20 (None, )

ASN- ()
dt.adsafeprotected.com
2    151.101.193.108 (None, )

ASN- ()
cdn.adnxs.com
8    37.252.172.250 (None, )

ASN- ()
fra1-ib.adnxs.com
3    151.101.1.108 (None, )

ASN- ()
acdn.adnxs.com
11    2a00:1450:4001:812::2006 (None, )

ASN- ()
s0.2mdn.net
2    172.217.18.98 (None, )

ASN- ()
googleads4.g.doubleclick.net
1    34.96.105.8 (None, )

ASN- ()
tr.blismedia.com
1    35.190.0.66 (None, )

ASN- ()
ads.travelaudience.com
1    2600:9000:2156:8000:1b:5138:8a40:93a1 (None, )

ASN- ()
s.ad.smaato.net
1    5.178.65.245 (None, )

ASN- ()
u-ams02.e-planning.net
4    3.126.38.41 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-38-41.eu-central-1.compute.amazonaws.com
x.bidswitch.net
2    193.232.150.45 (None, )

ASN- ()
px.adhigh.net
7    31.172.81.172 (None, )

ASN- ()
sync.bumlam.com
sync3.adsniper.ru
1    151.236.118.210 (None, )

ASN- ()
cache.betweendigital.com
5    52.46.130.91 (None, )

ASN- ()
s.amazon-adsystem.com
1    52.86.185.173 (None, )

ASN- ()
rtb.adentifi.com
1    204.2.255.234 (None, )

ASN- ()
rbp.mxptint.net
1    193.0.160.128 (None, )

ASN- ()
p.rfihub.com
3    54.239.38.253 (None, )

ASN- ()
aax-eu.amazon-adsystem.com
1    143.204.98.128 (None, )

ASN- ()
sync.intentiq.com
1    198.148.27.140 (None, )

ASN- ()
bh.contextweb.com
1    34.98.67.61 (None, )

ASN- ()
odr.mookie1.com
2    89.108.119.28 (None, )

ASN- ()
x01.aidata.io
1    31.172.81.158 (None, )

ASN- ()
sync3.sniperlog.ru
1    69.173.144.165 (None, )

ASN- ()
pixel-eu.rubiconproject.com
2    2001:6d0:4001::226 (None, )

ASN- ()
www.tns-counter.ru
3    198.47.127.18 (None, )

ASN- ()
image8.pubmatic.com
2    34.139.145.185 (None, )

ASN- ()
matching.kubient.net
1    67.202.105.23 (None, )

ASN- ()
ssc-cms.33across.com
1    2a02:6b8::90 (None, )

ASN- ()
an.yandex.ru
1    82.145.213.8 (None, )

ASN- ()
t.adx.opera.com
Apex Domain
Subdomains		 Transfer
90 googlesyndication.com
f6fe6038d3eda9a0336c2816093b1f02.safeframe.googlesyndication.com
tpc.googlesyndication.com
pagead2.googlesyndication.com
f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
8c84d2f690d45933efdd30d66e71fa97.safeframe.googlesyndication.com
564 KB
64 rubiconproject.com
fastlane.rubiconproject.com
ads.rubiconproject.com
smarttag.rubiconproject.com
beacon-ams3.rubiconproject.com
eus.rubiconproject.com
token.rubiconproject.com
pixel.rubiconproject.com Failed
secure-assets.rubiconproject.com
pixel-eu.rubiconproject.com
158 KB
61 doubleclick.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
googleads.g.doubleclick.net
cm.g.doubleclick.net
bid.g.doubleclick.net
googleads4.g.doubleclick.net
639 KB
47 pubmatic.com
hbopenbid.pubmatic.com
ads.pubmatic.com
image6.pubmatic.com
sshowads.pubmatic.com
image2.pubmatic.com
simage2.pubmatic.com
image4.pubmatic.com
aktrack.pubmatic.com
image8.pubmatic.com
113 KB
41 adnxs.com
ib.adnxs.com
secure.adnxs.com
cdn.adnxs.com
fra1-ib.adnxs.com
acdn.adnxs.com
185 KB
38 criteo.com
bidder.criteo.com
gum.criteo.com
mug.criteo.com
dis.criteo.com
31 KB
29 runwaff.com
runwaff.com
105 KB
29 google.com
apis.google.com
accounts.google.com
analytics.google.com
www.google.com
adservice.google.com
304 KB
29 buhgalter911.com
buhgalter911.com
435 KB
22 projectagora-adtag-library.com
cdn.projectagora-adtag-library.com
1 MB
21 adform.net
adx.adform.net
s1.adform.net
c1.adform.net
34 KB
20 gstatic.com
ssl.gstatic.com
fonts.gstatic.com
193 KB
19 sumo.com
load.sumo.com
sumo.com
448 KB
17 yandex.ru
mc.yandex.ru
an.yandex.ru
5 KB
16 smartadserver.com
ww1097.smartadserver.com
www5.smartadserver.com
prg.smartadserver.com
sync.smartadserver.com
17 KB
15 lijit.com
ap.lijit.com
pxdrop.lijit.com
gslbeacon.lijit.com
vap5ams1.lijit.com
31 KB
13 adomik.com
projectagora-483829-hdb.adomik.com
1 KB
13 casalemedia.com
htlb.casalemedia.com
as-sec.casalemedia.com
dsum-sec.casalemedia.com
a3165.casalemedia.com
ssum-sec.casalemedia.com
dsum.casalemedia.com
16 KB
13 youtube.com
www.youtube.com
252 KB
13 adtelligent.com
player.adtelligent.com
ghb.adtelligent.com
sync.adtelligent.com Failed
ghb1.adtelligent.com
ghb2.adtelligent.com
160 KB
11 2mdn.net
s0.2mdn.net
152 KB
11 adsafeprotected.com
fw.adsafeprotected.com
static.adsafeprotected.com
dt.adsafeprotected.com
106 KB
11 projectagoraservices.com
ads.projectagoraservices.com
14 KB
10 ampproject.org
cdn.ampproject.org
204 KB
10 betweendigital.com
ads.betweendigital.com
cache.betweendigital.com
7 KB
9 projectagoralibs.com
projectagoralibs.com
17 KB
9 criteo.net
static.criteo.net
csm.nl.eu.criteo.net Failed
198 KB
9 google.nl
www.google.nl
adservice.google.nl
2 KB
8 amazon-adsystem.com
s.amazon-adsystem.com
aax-eu.amazon-adsystem.com
6 KB
8 googletagservices.com
www.googletagservices.com
264 KB
8 google-analytics.com
www.google-analytics.com
55 KB
7 cpx.to
p.cpx.to
s.cpx.to
9 KB
6 adpone.com
hb.adpone.com
558 KB
6 getsitecontrol.com
l.getsitecontrol.com
s2.getsitecontrol.com
dash.getsitecontrol.com
media.getsitecontrol.com
119 KB
5 bumlam.com
sync.bumlam.com
3 KB
5 yahoo.com
pr-bh.ybp.yahoo.com
ups.analytics.yahoo.com
4 KB
5 everesttech.net
sync-tm.everesttech.net
1 KB
5 bidswitch.net
pool.grid-data.bidswitch.net
x.bidswitch.net
2 KB
5 otm-r.com
ssp.otm-r.com
1 KB
5 adsrvr.org
match.adsrvr.org
2 KB
5 onetag-sys.com
onetag-sys.com
3 KB
5 themoneytizer.com
ads.themoneytizer.com
198 KB
5 googleapis.com
fonts.googleapis.com
ajax.googleapis.com
34 KB
5 gravitec.net
cdn.gravitec.net
id.gravitec.net
32 KB
4 id5-sync.com
id5-sync.com
3 KB
4 zeotap.com
spl.zeotap.com
mwzeom.zeotap.com
1 KB
4 e-planning.net
pbjs.e-planning.net
u-ams02.e-planning.net
2 KB
3 w55c.net
i.w55c.net
pm.w55c.net
2 KB
3 dotomi.com
pubmatic-match.dotomi.com
casale-match.dotomi.com
rubicon-match.dotomi.com
393 B
3 mathtag.com
sync.mathtag.com
2 KB
3 bidr.io
match.prod.bidr.io
1 KB
3 4dex.io
script.4dex.io
mp.4dex.io
24 KB
3 indexww.com
js-sec.indexww.com
15 KB
3 quantserve.com
secure.quantserve.com
pixel.quantserve.com
11 KB
3 openx.net
adtelligent-d.openx.net
moneytizer-d.openx.net
u.openx.net
633 B
2 kubient.net
matching.kubient.net
655 B
2 tns-counter.ru
www.tns-counter.ru
706 B
2 aidata.io
x01.aidata.io
1 KB
2 adsniper.ru
sync3.adsniper.ru
1 KB
2 adhigh.net
px.adhigh.net
825 B
2 ipredictive.com
sync.ipredictive.com
983 B
2 clean.gg
i.clean.gg
15 B
2 sitescout.com
pixel-sync.sitescout.com
pixel-a.sitescout.com
641 B
2 turn.com
ad.turn.com
969 B
2 simpli.fi
um.simpli.fi
1 KB
2 de17a.com
d5p.de17a.com
637 B
2 rlcdn.com
api.rlcdn.com
id.rlcdn.com
325 B
2 cloudfront.net
d2zur9cc2gf1tx.cloudfront.net
d2849lw36e7cot.cloudfront.net
63 KB
2 tmyzer.com
c.tmyzer.com
542 B
2 sascdn.com
ced.sascdn.com
ced-ns.sascdn.com
51 KB
2 adtrue.com
cdn.adtrue.com
exchange.adtrue.com
4 KB
2 webvisor.org
mc.webvisor.org
709 B
2 facebook.com
www.facebook.com
424 B
2 zmctrack.net
s.zmctrack.net
24 KB
2 facebook.net
connect.facebook.net
113 KB
2 googletagmanager.com
www.googletagmanager.com
115 KB
1 opera.com
t.adx.opera.com
410 B
1 33across.com
ssc-cms.33across.com
72 B
1 sniperlog.ru
sync3.sniperlog.ru
516 B
1 mookie1.com
odr.mookie1.com
324 B
1 contextweb.com
bh.contextweb.com
406 B
1 intentiq.com
sync.intentiq.com
1 rfihub.com
p.rfihub.com
784 B
1 mxptint.net
rbp.mxptint.net
694 B
1 adentifi.com
rtb.adentifi.com
88 B
1 smaato.net
s.ad.smaato.net
442 B
1 travelaudience.com
ads.travelaudience.com
520 B
1 blismedia.com
tr.blismedia.com
141 B
1 createjs.com
code.createjs.com
48 KB
1 krxd.net
beacon.krxd.net
338 B
1 gumgum.com
rtb.gumgum.com
238 B
1 bidtheatre.com
match.adsby.bidtheatre.com
534 B
1 iprom.net
core.iprom.net
1 adgrx.com
cm.adgrx.com
408 B
1 ad4m.at
ad4m.at
916 B
1 erne.co
green.erne.co
326 B
1 loopme.me
csync.loopme.me
208 B
1 adition.com
dsp.adfarm1.adition.com
501 B
1 cdn-adtrue.com
cdn-adtrue.com
1003 B
1 adleadevent.com
adtrack.adleadevent.com
522 B
1 360yield.com
ice.360yield.com
512 B
1 quantcount.com
rules.quantcount.com
1 KB
1 leadplace.fr
tag.leadplace.fr
6 KB
1 themoneytizer.net
g.themoneytizer.net
270 B
1 adxpremium.services
rtb.adxpremium.services
770 B
1 creativecdn.com
prebid-eu.creativecdn.com
178 B
1 loadercdn.net
loadercdn.net
170 B
1 hybrid.ai
dm.hybrid.ai
238 B
1 factor.ua
analytics.factor.ua
242 B
1 jsdelivr.net
cdn.jsdelivr.net
76 KB
1 googleadservices.com
www.googleadservices.com
15 KB
0 admedo.com Failed
pool.admedo.com Failed
0 onaudience.com Failed
pixel.onaudience.com Failed
0 tribalfusion.com Failed
s.tribalfusion.com Failed
0 1rx.io Failed
sync.1rx.io Failed
0 taboola.com Failed
trc.taboola.com Failed
800 116
Domain Requested by
59 tpc.googlesyndication.com buhgalter911.com
cdn.ampproject.org
securepubads.g.doubleclick.net
tpc.googlesyndication.com
googleads.g.doubleclick.net
29 runwaff.com buhgalter911.com
runwaff.com
cdn.projectagora-adtag-library.com
sshowads.pubmatic.com
29 buhgalter911.com 1 redirects buhgalter911.com
27 pagead2.googlesyndication.com securepubads.g.doubleclick.net
buhgalter911.com
www.googletagservices.com
tpc.googlesyndication.com
ads.themoneytizer.com
d2849lw36e7cot.cloudfront.net
cdn.projectagora-adtag-library.com
fw.adsafeprotected.com
f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
23 ib.adnxs.com 2 redirects player.adtelligent.com
ads.themoneytizer.com
cdn.projectagora-adtag-library.com
googleads.g.doubleclick.net
acdn.adnxs.com
22 cdn.projectagora-adtag-library.com ads.projectagoraservices.com
cdn.projectagora-adtag-library.com
19 cm.g.doubleclick.net 11 redirects googleads.g.doubleclick.net
f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
19 googleads.g.doubleclick.net www.googleadservices.com
buhgalter911.com
ads.themoneytizer.com
d2849lw36e7cot.cloudfront.net
googleads.g.doubleclick.net
cdn.projectagora-adtag-library.com
17 fastlane.rubiconproject.com player.adtelligent.com
ads.themoneytizer.com
cdn.projectagora-adtag-library.com
16 adx.adform.net 1 redirects player.adtelligent.com
buhgalter911.com
cdn.projectagora-adtag-library.com
s1.adform.net
16 mc.yandex.ru 3 redirects buhgalter911.com
cdn.jsdelivr.net
15 bidder.criteo.com player.adtelligent.com
static.criteo.net
ads.themoneytizer.com
cdn.projectagora-adtag-library.com
15 securepubads.g.doubleclick.net buhgalter911.com
securepubads.g.doubleclick.net
runwaff.com
www.googletagservices.com
14 pixel.rubiconproject.com runwaff.com
buhgalter911.com
14 eus.rubiconproject.com runwaff.com
eus.rubiconproject.com
ap.lijit.com
ads.themoneytizer.com
cache.betweendigital.com
14 gum.criteo.com 6 redirects ads.themoneytizer.com
secure.adnxs.com
static.criteo.net
14 fonts.gstatic.com fonts.googleapis.com
14 load.sumo.com buhgalter911.com
load.sumo.com
13 projectagora-483829-hdb.adomik.com buhgalter911.com
runwaff.com
13 www.google.com 2 redirects buhgalter911.com
tpc.googlesyndication.com
googleads.g.doubleclick.net
13 www.youtube.com apis.google.com
www.youtube.com
11 s0.2mdn.net buhgalter911.com
s0.2mdn.net
f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
11 prg.smartadserver.com cdn.projectagora-adtag-library.com
11 ads.projectagoraservices.com runwaff.com
smarttag.rubiconproject.com
ap.lijit.com
11 hbopenbid.pubmatic.com player.adtelligent.com
cdn.projectagora-adtag-library.com
10 simage2.pubmatic.com 1 redirects ads.pubmatic.com
10 cdn.ampproject.org securepubads.g.doubleclick.net
10 ap.lijit.com 3 redirects player.adtelligent.com
runwaff.com
ap.lijit.com
10 apis.google.com buhgalter911.com
apis.google.com
www.youtube.com
accounts.google.com
9 projectagoralibs.com cdn.projectagora-adtag-library.com
9 static.criteo.net player.adtelligent.com
static.criteo.net
runwaff.com
buhgalter911.com
ads.themoneytizer.com
cdn.projectagora-adtag-library.com
9 ads.betweendigital.com 2 redirects player.adtelligent.com
ads.themoneytizer.com
ads.betweendigital.com
8 fra1-ib.adnxs.com cdn.projectagora-adtag-library.com
runwaff.com
cdn.adnxs.com
8 dt.adsafeprotected.com f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
buhgalter911.com
8 image2.pubmatic.com 1 redirects ads.pubmatic.com
8 mug.criteo.com gum.criteo.com
buhgalter911.com
8 www.googletagservices.com securepubads.g.doubleclick.net
buhgalter911.com
d2849lw36e7cot.cloudfront.net
googleads.g.doubleclick.net
8 www.google-analytics.com buhgalter911.com
www.google-analytics.com
7 ads.pubmatic.com runwaff.com
ads.pubmatic.com
exchange.adtrue.com
6 s.cpx.to p.cpx.to
runwaff.com
6 hb.adpone.com runwaff.com
6 ssl.gstatic.com accounts.google.com
buhgalter911.com
6 ghb.adtelligent.com player.adtelligent.com
5 s.amazon-adsystem.com 3 redirects ssum-sec.casalemedia.com
buhgalter911.com
5 sync.bumlam.com 5 redirects
5 dsum-sec.casalemedia.com 2 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
5 sync-tm.everesttech.net 4 redirects ssum-sec.casalemedia.com
5 beacon-ams3.rubiconproject.com runwaff.com
5 ssp.otm-r.com ads.themoneytizer.com
5 match.adsrvr.org 2 redirects js-sec.indexww.com
runwaff.com
ssum-sec.casalemedia.com
5 sumo.com load.sumo.com
5 smarttag.rubiconproject.com ads.rubiconproject.com
ap.lijit.com
5 onetag-sys.com 1 redirects ads.themoneytizer.com
cache.betweendigital.com
5 ads.rubiconproject.com runwaff.com
ap.lijit.com
buhgalter911.com
5 secure.adnxs.com 1 redirects runwaff.com
secure.adnxs.com
sshowads.pubmatic.com
5 ads.themoneytizer.com runwaff.com
ads.themoneytizer.com
5 www.google.nl buhgalter911.com
5 player.adtelligent.com buhgalter911.com
player.adtelligent.com
4 x.bidswitch.net 4 redirects
4 c1.adform.net 3 redirects ads.pubmatic.com
4 id5-sync.com 1 redirects runwaff.com
player.adtelligent.com
ads.themoneytizer.com
4 fonts.googleapis.com client
securepubads.g.doubleclick.net
4 adservice.google.com securepubads.g.doubleclick.net
4 adservice.google.nl securepubads.g.doubleclick.net
4 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
4 cdn.gravitec.net buhgalter911.com
cdn.gravitec.net
3 image8.pubmatic.com 1 redirects buhgalter911.com
cdn.projectagora-adtag-library.com
3 aax-eu.amazon-adsystem.com 2 redirects buhgalter911.com
3 acdn.adnxs.com runwaff.com
ads.themoneytizer.com
3 pr-bh.ybp.yahoo.com 1 redirects ads.pubmatic.com
ssum-sec.casalemedia.com
3 sync.mathtag.com 3 redirects
3 match.prod.bidr.io 2 redirects ads.pubmatic.com
3 image6.pubmatic.com ads.pubmatic.com
3 js-sec.indexww.com ads.themoneytizer.com
ssum-sec.casalemedia.com
3 spl.zeotap.com ads.themoneytizer.com
spl.zeotap.com
3 pbjs.e-planning.net 1 redirects buhgalter911.com
ads.themoneytizer.com
2 matching.kubient.net 2 redirects
2 www.tns-counter.ru 1 redirects buhgalter911.com
2 x01.aidata.io 2 redirects
2 sync3.adsniper.ru 2 redirects
2 px.adhigh.net 2 redirects
2 ssum-sec.casalemedia.com js-sec.indexww.com
ssum-sec.casalemedia.com
2 googleads4.g.doubleclick.net buhgalter911.com
2 cdn.adnxs.com cdn.projectagora-adtag-library.com
2 bid.g.doubleclick.net f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
cdn.projectagora-adtag-library.com
2 sync.ipredictive.com 2 redirects
2 pm.w55c.net 2 redirects
2 i.clean.gg d2849lw36e7cot.cloudfront.net
2 a3165.casalemedia.com ads.themoneytizer.com
d2849lw36e7cot.cloudfront.net
2 ad.turn.com 2 redirects
2 ups.analytics.yahoo.com 2 redirects
2 um.simpli.fi 1 redirects ads.pubmatic.com
2 image4.pubmatic.com ads.pubmatic.com
2 d5p.de17a.com 2 redirects
2 sync.smartadserver.com 1 redirects runwaff.com
2 token.rubiconproject.com 2 redirects runwaff.com
2 fw.adsafeprotected.com 1 redirects buhgalter911.com
2 vap5ams1.lijit.com runwaff.com
2 pxdrop.lijit.com ap.lijit.com
buhgalter911.com
2 pixel.quantserve.com 1 redirects runwaff.com
2 sshowads.pubmatic.com ads.pubmatic.com
2 script.4dex.io ads.themoneytizer.com
script.4dex.io
2 f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 ww1097.smartadserver.com 1 redirects ww1097.smartadserver.com
2 c.tmyzer.com ads.themoneytizer.com
2 mc.webvisor.org 1 redirects buhgalter911.com
2 dash.getsitecontrol.com s2.getsitecontrol.com
2 htlb.casalemedia.com player.adtelligent.com
ads.themoneytizer.com
2 www.facebook.com buhgalter911.com
2 s.zmctrack.net buhgalter911.com
2 connect.facebook.net buhgalter911.com
connect.facebook.net
2 www.googletagmanager.com buhgalter911.com
www.googletagmanager.com
2 l.getsitecontrol.com buhgalter911.com
l.getsitecontrol.com
1 t.adx.opera.com buhgalter911.com
1 an.yandex.ru buhgalter911.com
1 ssc-cms.33across.com buhgalter911.com
1 pixel-eu.rubiconproject.com eus.rubiconproject.com
1 secure-assets.rubiconproject.com 1 redirects
1 sync3.sniperlog.ru buhgalter911.com
1 odr.mookie1.com ads.betweendigital.com
1 bh.contextweb.com 1 redirects
1 rubicon-match.dotomi.com buhgalter911.com
1 sync.intentiq.com buhgalter911.com
1 p.rfihub.com 1 redirects
1 rbp.mxptint.net 1 redirects
1 dsum.casalemedia.com ssum-sec.casalemedia.com
1 casale-match.dotomi.com 1 redirects
1 rtb.adentifi.com ssum-sec.casalemedia.com
1 cache.betweendigital.com ads.betweendigital.com
1 u-ams02.e-planning.net buhgalter911.com
1 u.openx.net ads.themoneytizer.com
1 s.ad.smaato.net 1 redirects
1 ads.travelaudience.com 1 redirects
1 tr.blismedia.com f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
1 code.createjs.com s0.2mdn.net
1 static.adsafeprotected.com f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
1 i.w55c.net 1 redirects
1 pixel-a.sitescout.com 1 redirects
1 beacon.krxd.net runwaff.com
1 aktrack.pubmatic.com runwaff.com
1 id.rlcdn.com runwaff.com
1 d2849lw36e7cot.cloudfront.net ads.themoneytizer.com
1 rtb.gumgum.com ads.pubmatic.com
1 match.adsby.bidtheatre.com 1 redirects
1 pixel-sync.sitescout.com 1 redirects
1 pubmatic-match.dotomi.com ads.pubmatic.com
1 core.iprom.net ads.pubmatic.com
1 cm.adgrx.com ads.pubmatic.com
1 ad4m.at ads.pubmatic.com
1 green.erne.co 1 redirects
1 csync.loopme.me 1 redirects
1 dsp.adfarm1.adition.com 1 redirects
1 dis.criteo.com 1 redirects
1 cdn-adtrue.com exchange.adtrue.com
1 adtrack.adleadevent.com ajax.googleapis.com
1 pool.grid-data.bidswitch.net runwaff.com
1 gslbeacon.lijit.com ap.lijit.com
1 as-sec.casalemedia.com js-sec.indexww.com
1 ajax.googleapis.com d2zur9cc2gf1tx.cloudfront.net
1 mwzeom.zeotap.com runwaff.com
1 8c84d2f690d45933efdd30d66e71fa97.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 ice.360yield.com ads.themoneytizer.com
1 mp.4dex.io ads.themoneytizer.com
1 moneytizer-d.openx.net ads.themoneytizer.com
1 rules.quantcount.com secure.quantserve.com
1 api.rlcdn.com js-sec.indexww.com
1 www5.smartadserver.com ced.sascdn.com
1 exchange.adtrue.com buhgalter911.com
1 d2zur9cc2gf1tx.cloudfront.net ads.themoneytizer.com
1 p.cpx.to ads.themoneytizer.com
1 secure.quantserve.com ads.themoneytizer.com
1 tag.leadplace.fr ads.themoneytizer.com
1 ced-ns.sascdn.com runwaff.com
1 g.themoneytizer.net ads.themoneytizer.com
1 ced.sascdn.com runwaff.com
1 cdn.adtrue.com runwaff.com
1 s1.adform.net runwaff.com
1 media.getsitecontrol.com buhgalter911.com
1 ghb2.adtelligent.com player.adtelligent.com
1 ghb1.adtelligent.com player.adtelligent.com
1 rtb.adxpremium.services player.adtelligent.com
1 adtelligent-d.openx.net player.adtelligent.com
1 prebid-eu.creativecdn.com player.adtelligent.com
1 f6fe6038d3eda9a0336c2816093b1f02.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 loadercdn.net buhgalter911.com
1 s2.getsitecontrol.com l.getsitecontrol.com
1 id.gravitec.net cdn.gravitec.net
1 analytics.google.com www.googletagmanager.com
1 dm.hybrid.ai buhgalter911.com
1 accounts.google.com apis.google.com
1 analytics.factor.ua buhgalter911.com
1 cdn.jsdelivr.net buhgalter911.com
1 www.googleadservices.com www.googletagmanager.com
0 csm.nl.eu.criteo.net Failed gum.criteo.com
0 pool.admedo.com Failed ads.pubmatic.com
0 pixel.onaudience.com Failed ads.pubmatic.com
0 s.tribalfusion.com Failed ads.pubmatic.com
0 sync.1rx.io Failed ads.pubmatic.com
0 trc.taboola.com Failed ads.pubmatic.com
0 sync.adtelligent.com Failed player.adtelligent.com
buhgalter911.com
800 200

This site contains links to these domains. Also see Links.

Domain
i.factor.ua
factor.academy
buhgalter.com.ua
reklama.factor.ua
bit.ly
www.youtube.com
Subject Issuer Validity Valid
buhgalter911.com
Sectigo RSA Domain Validation Secure Server CA		 2021-11-08 -
2022-11-08		 a year crt.sh
*.gravitec.net
AlphaSSL CA - SHA256 - G2		 2021-03-04 -
2022-04-05		 a year crt.sh
*.apis.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.getsitecontrol.com
Go Daddy Secure Certificate Authority - G2		 2020-03-05 -
2022-05-04		 2 years crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
player.adtelligent.com
R3		 2021-11-19 -
2022-02-17		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
ghb.adtelligent.com
ZeroSSL ECC Domain Secure Site CA		 2021-10-09 -
2022-01-07		 3 months crt.sh
*.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
www.googleadservices.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2021-09-05 -
2021-12-04		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-03 -
2022-07-02		 a year crt.sh
*.sumo.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-04 -
2022-05-04		 a year crt.sh
*.factor.ua
Sectigo RSA Domain Validation Secure Server CA		 2021-01-18 -
2022-01-18		 a year crt.sh
s.zmctrack.net
Sectigo RSA Domain Validation Secure Server CA		 2021-04-21 -
2022-04-25		 a year crt.sh
accounts.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.hybrid.ai
Sectigo RSA Domain Validation Secure Server CA		 2020-07-07 -
2022-10-05		 2 years crt.sh
*.google.nl
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
mc.yandex.ru
Yandex CA		 2021-07-28 -
2022-01-07		 5 months crt.sh
loadercdn.net
R3		 2021-11-26 -
2022-02-24		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2021-03-11 -
2022-04-12		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-03-30 -
2022-04-04		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2021-08-04 -
2022-09-04		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-09 -
2021-12-07		 3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
ads.betweendigital.com
Sectigo RSA Domain Validation Secure Server CA		 2020-11-19 -
2021-12-20		 a year crt.sh
*.creativecdn.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2021-03-30 -
2022-04-12		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
*.adxpremium.services
Sectigo RSA Domain Validation Secure Server CA		 2021-08-05 -
2022-09-05		 a year crt.sh
ghb1.adtelligent.com
ZeroSSL ECC Domain Secure Site CA		 2021-10-12 -
2022-01-10		 3 months crt.sh
ghb2.adtelligent.com
ZeroSSL ECC Domain Secure Site CA		 2021-10-12 -
2022-01-10		 3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-09 -
2021-12-07		 3 months crt.sh
runwaff.com
Amazon		 2021-07-10 -
2022-08-08		 a year crt.sh
misc-sni.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.themoneytizer.com
GoGetSSL RSA DV CA		 2021-02-14 -
2022-03-17		 a year crt.sh
paadserver.projectagora.info
R3		 2021-09-23 -
2021-12-22		 3 months crt.sh
*.adtrue.com
Sectigo RSA Domain Validation Secure Server CA		 2020-08-14 -
2022-08-14		 2 years crt.sh
*.sascdn.com
DigiCert SHA2 Secure Server CA		 2021-09-13 -
2022-09-13		 a year crt.sh
g.themoneytizer.net
GoGetSSL RSA DV CA		 2019-10-16 -
2022-01-17		 2 years crt.sh
c.tmyzer.com
R3		 2021-10-02 -
2021-12-31		 3 months crt.sh
*.leadplace.fr
Gandi Standard SSL CA 2		 2021-09-12 -
2022-09-12		 a year crt.sh
onetag-sys.com
R3		 2021-11-02 -
2022-01-31		 3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
p.cpx.to
Sectigo RSA Domain Validation Secure Server CA		 2021-02-02 -
2022-02-02		 a year crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
cdn.projectagora-adtag-library.com
R3		 2021-10-08 -
2022-01-06		 3 months crt.sh
*.smartadserver.com
DigiCert ECC Secure Server CA		 2020-01-30 -
2022-02-03		 2 years crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-25 -
2022-03-28		 a year crt.sh
*.otm-r.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-11 -
2022-06-10		 a year crt.sh
*.e-planning.net
R3		 2021-10-22 -
2022-01-20		 3 months crt.sh
*.360yield.com
Amazon		 2021-07-28 -
2022-08-26		 a year crt.sh
s.cpx.to
Sectigo RSA Domain Validation Secure Server CA		 2021-02-03 -
2022-02-09		 a year crt.sh
cert1.a2.atm.aqfer.net
R3		 2021-11-23 -
2022-02-21		 3 months crt.sh
fw.adsafeprotected.com
Amazon		 2021-08-11 -
2022-09-09		 a year crt.sh
pool.grid-data.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-03-06 -
2022-03-06		 2 years crt.sh
adtrack.adleadevent.com
Amazon		 2021-05-17 -
2022-06-15		 a year crt.sh
*.match.prod.bidr.io
Amazon		 2021-02-26 -
2022-03-27		 a year crt.sh
public1.adgear.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-24 -
2022-03-26		 a year crt.sh
*.iprom.net
R3		 2021-10-04 -
2022-01-02		 3 months crt.sh
*.simpli.fi
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-27 -
2022-11-27		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-08-24 -
2022-02-16		 6 months crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
*.gumgum.com
Amazon		 2021-06-05 -
2022-07-04		 a year crt.sh
*.adomik.com
Amazon		 2021-03-03 -
2022-04-01		 a year crt.sh
casalemedia.com
Go Daddy Secure Certificate Authority - G2		 2021-01-13 -
2022-02-14		 a year crt.sh
i.clean.gg
GTS CA 1D4		 2021-10-22 -
2022-01-20		 3 months crt.sh
static.adsafeprotected.com
Amazon		 2021-09-05 -
2022-10-04		 a year crt.sh
*.adsafeprotected.com
Sectigo RSA Domain Validation Secure Server CA		 2021-05-26 -
2022-06-17		 a year crt.sh
*.id5-sync.com
R3		 2021-10-05 -
2022-01-03		 3 months crt.sh
cdn.adnxs.com
GlobalSign Organization Validated CA - SHA256 - G4		 2021-05-10 -
2022-06-11		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
tls.adobe.com
DigiCert SHA2 Secure Server CA		 2020-06-01 -
2022-06-06		 2 years crt.sh
tr.blismedia.com
GTS CA 1D4		 2021-10-25 -
2022-01-23		 3 months crt.sh
cache.betweendigital.com
Sectigo RSA Domain Validation Secure Server CA		 2019-11-08 -
2022-02-05		 2 years crt.sh
adentifi.com
Amazon		 2021-09-04 -
2022-10-03		 a year crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2020		 2021-03-22 -
2022-04-23		 a year crt.sh
*.intentiq.com
Amazon		 2021-04-04 -
2022-05-03		 a year crt.sh
*.adx.opera.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-14 -
2022-06-10		 a year crt.sh

This page contains 118 frames:

Primary Page: https://buhgalter911.com/
Frame ID: 92049F143DBD4B29005E65409CCC7361
Requests: 164 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Frame ID: A4EE1235EA7A8E8A061F1CA04C2DB992
Requests: 5 HTTP requests in this frame

Frame: https://s.zmctrack.net/z
Frame ID: 4EC3C41C1A2E637BDB851644FC7C3085
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Frame ID: EA0A61947172C26AF653B5FE08EEBE57
Requests: 4 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fbuhgalter911.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Frame ID: 1C365D4185004E30FCDE58D00A0944AD
Requests: 4 HTTP requests in this frame

Frame: https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=a33c07a5-2bc4-4040-82d7-a80596d12e56
Frame ID: ACBD9DA823771F8A684E35755BF18AE4
Requests: 1 HTTP requests in this frame

Frame: https://id.gravitec.net/
Frame ID: 1AB986124EC97BD7E43A41A7FCB81518
Requests: 1 HTTP requests in this frame

Frame: https://f6fe6038d3eda9a0336c2816093b1f02.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 08069912D84508021AC3024482D3B6C5
Requests: 1 HTTP requests in this frame

Frame: https://s.zmctrack.net/z
Frame ID: E9E46112BF02553FA4FC14A4750B14F3
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Frame ID: 88EFE90C027FBF8A8B77587600EA0071
Requests: 4 HTTP requests in this frame

Frame: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Frame ID: 1E32F31E611001D29A06AA5F348B7EF2
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 838F66695F0CB6053BA6F0A9B525A38B
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss30jYM_CZS4pZ8AJEztQ2M1PtrGPJhd7A6hjkGj7fsfZFGcEAQFUedj0jYl9xBT7ytWlZdO1xxj6vTLSp2F4k2q7nooYlVOKvJpBjI3joW0LB64BaWWYk9afjHj2dcL4MMpfSfzjioFWAdcfMdr0hHXiTiKF0LjI7mDLE_YNbAfbQAC1XiJpYr8lGkFPSy8FAycLhllb3acijXvr8kXeT7Nyr5j7P3WTBQtfEgS05uWFv6oRdARKtB29zCeQ_x7PlB47FqU3mm-fhnV9LHOrrGhOw9lE1X_Q9ICER0W2un2tREWUYBBlceI95yaQUeiEddzHsSdJOjpg3F&sig=Cg0ArKJSzFe9dkTmz5gkEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: AB5C00BA714A65B7A503FBADED116F38
Requests: 7 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: FE2ACB005948347922C96426D1F81F87
Requests: 22 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Frame ID: 91B6215B3DF747A91401725949FDBF7C
Requests: 20 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 7A3FB4D22739A55AB1A426FF8AF04D4A
Requests: 8 HTTP requests in this frame

Frame: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=53b2002c59d3e5f630751881f15474be9&cb=2010711637997919628
Frame ID: D3640F5E902FB6A104A1ECB783CF1E8F
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=98f4e4faa4233f870087ce42c5a513e95&cb=1345621637997919630
Frame ID: FE39F8B12FB920C6BA1A43440BE9C33F
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Frame ID: 8EA5FC395E9BB2EB9C13AC4C993B54F1
Requests: 56 HTTP requests in this frame

Frame: https://runwaff.com/count?i=rf07l732vciakgacx3n4&a=baaeee3411d3fd157639692256e43d715&cb=5288031637997919632
Frame ID: E239C09E1778826F78C4CF2D7615566D
Requests: 11 HTTP requests in this frame

Frame: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=45f743aa437f6100320c20fa469f3dc93&cb=6458491637997919633
Frame ID: 6F82A35DC04348A6432FCCDE663FC553
Requests: 24 HTTP requests in this frame

Frame: https://runwaff.com/count?i=rf07l732vciakgacx3n4&a=29e1899b19056b3bbad87d287cfa52325&cb=8648741637997919635
Frame ID: 42E1BA144C7382F9CBB5F201508D2BC6
Requests: 5 HTTP requests in this frame

Frame: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Frame ID: 8290C538DE74C2D461B0B670FA0BCA94
Requests: 4 HTTP requests in this frame

Frame: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=f9cc45838f4c29b5f9349ce01f9beb869&cb=3930431637997919638
Frame ID: D3C778AB4832F6962554BB7B3F841E39
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
Frame ID: 935368EF1281F094768E7E184022377B
Requests: 14 HTTP requests in this frame

Frame: https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=3c0f5400ba98f8cac9b313d902398d0a1&cb=6580791637997919642
Frame ID: 1B9FF8882BC7521F5C751CF20D771F46
Requests: 4 HTTP requests in this frame

Frame: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=69ea1948c62a33cfec0ab584a19243e31&cb=0876431637997919643
Frame ID: F212A29CDB822E39944584D6CA9C3594
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/send?i=rf07l732vciakgacx3n4&a=5a53537a17bd44ad82d5176115d03d729&cb=4418541637997919644
Frame ID: A4E4F9742ADA7B56E8E75855843C518E
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=79ebc9f4a562a4247447de7d211baa9c5&cb=8867251637997919646
Frame ID: EF304D107111D952DA2B6D82ACB0E175
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=4e0ac44bc5a2e0e5c22c8af2178591cf3&cb=4919941637997919647
Frame ID: 7BC4B7AD6955687CF22EEB5B383541F1
Requests: 2 HTTP requests in this frame

Frame: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=29432f3564089b7a90cba53693d3a59b1&cb=0948231637997919649
Frame ID: DC1B3EC220BC5311738DF2369448237F
Requests: 3 HTTP requests in this frame

Frame: https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=ec888e9209980d4eacd18584b9e4ca683&cb=0113061637997919651
Frame ID: B579AD0825FA03E2372EA4DF3FD1EB91
Requests: 6 HTTP requests in this frame

Frame: https://runwaff.com/send?i=rf07l732vciakgacx3n4&a=f5e96ef64602be065840c9b0c393d0799&cb=0266181637997919652
Frame ID: 5241C7F3721B159E368708A3E4E24207
Requests: 9 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1637997920063
Frame ID: 5AB1C1986969096EC59A676D62F7634D
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&zdid=1258&cmp=0
Frame ID: 5B33F14BF6F40588EFC95E9EDE488C25
Requests: 4 HTTP requests in this frame

Frame: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 2CA7EE595547F250ED0CA93404C92055
Requests: 1 HTTP requests in this frame

Frame: https://exchange.adtrue.com/delivery/impress?pzoneid=14780&ref=https%3A%2F%2Fbuhgalter911.com%2F&cb=3264462715&timeZone=0&adWidth=728&adHeight=90&loc=https://buhgalter911.com/
Frame ID: 02A1789F25526BE11D922BA367848371
Requests: 6 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Frame ID: 68E03F0C4437C5D1492CDF8E1F84E155
Requests: 3 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Frame ID: EAAD8CB81707AC4E21370C2CDA8F1240
Requests: 10 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/17210.js
Frame ID: 9EFF1ECA250B1B327257E2F66FDFF89E
Requests: 11 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Frame ID: F4DB4E9C64D302CF7B377EA329B06286
Requests: 10 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Frame ID: 75C2FD23F5AEC5C4584CC5D15D1B3E06
Requests: 10 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Frame ID: 78837D2E5EE9821F881E54A2BAAAF28F
Requests: 10 HTTP requests in this frame

Frame: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Frame ID: EFC12BB0EF9386991FBC732E90A29C9E
Requests: 10 HTTP requests in this frame

Frame: https://8c84d2f690d45933efdd30d66e71fa97.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 95BEC3E5DC9B340A0A26E1991F233AF1
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 0DED383C364665094F7C280FC0749B58
Requests: 22 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 4FD95F75EBEACB5828A9AC27F9101FF0
Requests: 1 HTTP requests in this frame

Frame: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 8FAE95E99A587E7807F185A6179CEA37
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 0E68F3D49BBDBD2162247C8339CA222D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 97CAE6E18A229D9AE1C1AE82540C84BE
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Frame ID: 0FB3D6787539A9373610DD26E03CCEFC
Requests: 10 HTTP requests in this frame

Frame: https://gslbeacon.lijit.com/beacon?viewId=a_660774_f84c9d8fad1d4a18923802ba9b6ff797&rand=8888&informer=13406526&type=fpads&loc=https%3A%2F%2Fbuhgalter911.com%2F&v=1.2
Frame ID: DA1810284B4717ED5EA3BA6CD24B4D26
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuZoQEQyKWvAhj3mdC7ATAB&v=APEucNUzMXDTmysIY-cygEGRp14lYqgFXudgzlCLpF9smVdmPKjLJZpduwHYFM9vIauOr87JFiOMBfFIILiimMB1Jcpp5JRKG1RV0XeQVqALatLTrKWxbU8GDDImd8OQbCvp2kXU-WWZ6D0djtjRE3Yxf4YtGjv_D9M67-1cCST0z1rp6BRatTE
Frame ID: 86F7F0E75DFB80B552293E1E9EDACF8D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BZexcGYXonaAPfBz--v8YH5MgncV8HJT7B7K5MT2DA1-m81SG6jWP0B-HGQHJIj-JU2UKatc4BZtyiqFaNu4IVzg190_kEb6ufDIEvBgF7K4ktCm6pclttXMQnipdmgOA9N3TKRh8s674OzKMgeWUtzwdfqA&dbm_d=AKAmf-AZpsAiEzvF1E2KtFoviyr33U4SeGdFCkpWAWar6yzvyM5PqYmv5QqtF18oCXXL2nJuxVToFpe9NNVCw6eq__kAOVBeVsDnAGuQYQCzFnrJhmYd6R_y3eSvLPk3hjVpqDDe1lCP_9OghrEyL3crSY7S7Z2kGZCUNhyzMKwDPkz_vJd_e9mr61okxGc9QFFUTOS3rGMrURfgdEKEVegeKol-8rMcuHKZb08dY56t5fgJeQNrnVzVR29rmop6VxsL7kJ94HnLcnG9ByDfxGq3zpMxU0DDOxus7ZcjXMYzTm3bokco-qqx0MolaABI8ZEdQImUdhJJ0pbXRV2zyycraYqIuuSyGIsHfHJ-wg8-pAStE16GdMAwlevkAzpJx2dt77oMIxwJJOuq6-Bai0acvMPVDIcck-i_LnGGq_w6IbduFuoHuBmFIU-OvdQ2ngItoiEYppU0thK4PM53SGfav_9J0HgRfVHm1qVf5SIr2cmdPHbG5Ph4XUbuyKQy9VSNLRPxltEUFUqvrtnbhIxGDaymU-lFXlJjIj8q8Ygd690bdwnuesgukgy7QYX_QwgkOgaNqT3_UsvJtRUFBP29pfCHmeOfiwbPXe6q0LHrNFdk8TEuWe5NAJIbclRTxhDZznav2EF5dtwYaYe_gQJbbKjW-_UpLItjCd49WzSxjmIX08ipkKbWeCqZWpcth6MyizVfIflqXMjoMnqY0GBjXiGVPJekwyKHDUuOVUSUQPYbKMHCrulB41PN6VbNF3EBdmV3zWuY8xRmlyIdX0Zj0cHOuYM77V5eyzDWsPDTWOsfxtlSmP8eK4IEOul8dT2zf48pc0Af_qGSO2XvMv8o0uUAESkxOIHz_UBchY0dbxKh4SBD3eeRRCd5yBisVCEqaZISqBW_cfZSC2QTHAQ2wrLyBxwFG1TBuytzjaYwmGN2pDILeuAAoW89714mSJnPnOUAbtVRCJDFP0XBsdUqNNlvyx9J4ze9JiUV2cHnTKzIYZaJX39HoCtmCDWRNyW_9jH-RumIvgM66UnHpVdAjiXS_vb3xJZi1yZ0iSRfSZLKz3xSMFaE5vr8DmyxDaaW64uWGkPhapdD7hlS-OG-1btvLIzauLK_tEmoz5P104Qay2h_FSLYRQb6Bdm0VR1Ip0BxAA0njIFr5Zul5VL2XfG_Y-hrcDX2Qk1NBduPVD7lpd44c3Ns7nFGb00u3K9s629AkoDkaW38rdKn9ffzWQCHqKKcwIkKI6l7olRJJKVexZPbJwGTxjPd2Q_O5CyHsfqabzM19WyGmoGqv1dxKim4tuRtKP_RgcDkOIL1zSDG0gMKBJD3RqoI5mX0HqiDylspBFqxGhRkBWCH2xuO1Bjs6m79WMvHFT5hyStrqoKym6feD6sDAgVdc7rLg4t6zU_Fct0rLZzEhKwcq5gtAiESJ0SQl1fp5LlMGe8KJpCnlOp74qfReHZ7IZDywatbRSOdoqlGy002IpfKUrQFbJUm-_6NDjQjzHnL4juTbacSk3X8cAdTesid_4EIzR-FLpzS7lIi9FvYs12QEiveQHS46Z_5lFYDNdt2IPvb1J1AKrOFqR39S0NniKZDKlsxY897mIg0jDieUBv2Y_lBpHzN3z7OuGNCrWCLkCoxleFj9DDJo9-iSceGe1W3P5ryGfL0TY2YGXXkUdSf3LycsxLEzOpONV90Zw3go7GRu7_1Y9skGkXo2QoDN1LxBMPAcx-yMnt4bxp4LXAdVx56RXGRCp5luiAQJd-Dy_XMs82CjEF-uAxABMJOtB8q5xcNbu6gICh7VmI5fH8RQPJTGQPhpjdSDM__ldxZA0lDsXZ59DA1jPvYGIwcLh4Kf4upSh6W-UO5gPYlxW7dwJfZWAYElDmlDU-jwDSWymnaEsCNhgMkmImLkQ70mSnLQ2ynrzIEb7NlH_3UYB0XXucibSQRyvBPhRQ7FtjGF-o7NZQ6aJHXKvSqrlmLFMpYtnu72lryoxGLXIFzXafKZSjN5nXEmZnGoglTmwj4LIoPJBRghONXoiktF5ErMaGuW9aW3d_ZdNpLBkm1915X_79zQe-j5djA2t5BEyrb_WuLSUY43LcvajYHat4TKNVwRh07jM8eFaNIpNK4wreOV3obGiyBFeY97q6jyTiN1R27UKteMHnpLD_xuXYXIul-5u2Jd7qRghQbMy6QaIE6SbtaTNrrbB35sT1kQkTg8oab0_5349yJpBKyi9KZG9SZCOtICqBBUabV3H5tPDb-rj22krnkD77_le6aPYOp26ALMKJPrePfp2u6vKkTNsJC4Tr1JbDL162jZpArC4gpcvTp_Mvf073COcMbzbzROPpdR8TdS3ZKjXOC1naIR14gduw0FTXPyOEIS1ugqebTshT_TboPTATTwbwUR-YdYjSWCMsi2eyX3gleHGJHwvI_Lb8k8Y2fje9xgW8vY9aQrRMkPNB0tkzDn9NHJRX9gOvf5JgZU7GRW6w1E6jsRhDNQHzsvUPHtGlHia7MZkPESHM9aZ-I4TVuIoX-Nx2zE6KC9ivTKo9E09y3Ax__sk-4xCjb4kERtM-Lsm_bQrl9dEQ6rIzerT7s7YGLy9N2dJ7ROgPOVTTZraG7No5tk6rrTL8brcjjaJNe9tLQCqevGvbFLacwSD63ViaBnNSlmtYWdTHdr31yLaUQDw84nyEf5yaA31iq1RBsLsvtfUsrg95TLeL3K_I0SZzycbOW7Moymr_MrZCywas&cid=CAASEuRoBNblnOiFnE199aJ4zOpePw&rfl=4%2Chttps%253A%252F%252Fbuhgalter911.com%242%2C%2Chttps%253A%252F%252Fbuhgalter911.com%252F%240
Frame ID: C27B7634BC0EA9B6B4E834769DCC6790
Requests: 24 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/17210.js
Frame ID: 5AE5ADC313A1C3F1B202223A6322A6A9
Requests: 16 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Frame ID: 57BB115FEE7C6745FA63509CFDA2A8A5
Requests: 2 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6
Frame ID: 0C2075D4ACA99EB1EFDE4B0478F2224E
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8855741626325625944
Frame ID: 3D4C0E2AEDBC3CA730F0FCE8F96170E3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: B80FCE09EB1D199CC9365DFE184496D3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7035147497331357850
Frame ID: 61EBDB378A62408FA6E916F08BA1192B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YaHdYAAHnHYSWQAz&gdpr=0&gdpr_consent=&_test=YaHdYAAHnHYSWQAz
Frame ID: D60E0E11503783B235766969A5A42A34
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Frame ID: B0FFF36781087467AA1FFE506F0187B9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 59B544C2C296C3CCD6F4064AF4D19839
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=i7BbsPkJiLKUzbjpbOBrX4s9
Frame ID: 918C73A3589575D1760DED037C994484
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: 8226A8F2895806037F7202B5BB33CCB1
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: D3A07BC34D85969FDDCEE50F4D7F7F31
Requests: 1 HTTP requests in this frame

Frame: https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
Frame ID: 87A40C5E8154FCA5A5770F542B0C32D9
Requests: 1 HTTP requests in this frame

Frame: https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
Frame ID: 007A2597B2544F5AA929D17D057DBBC1
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync
Frame ID: 135111F0322CF917045CF63DE7C0C30A
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 8B5BA6709A4A3C0FE00EE9B925A22A20
Requests: 1 HTTP requests in this frame

Frame: https://ads.rubiconproject.com/ad/17210.js
Frame ID: 7DA2BC8EFB6501FF6849AE2712D28934
Requests: 16 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: 3E280B377CFD5D680B3CE298A9072C5F
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 8705769300BD60E7024E683C12363E2B
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: C9756AC2D6044A6C72316FA27E3AD107
Requests: 1 HTTP requests in this frame

Frame: https://d2849lw36e7cot.cloudfront.net/script.js
Frame ID: 525D564D957B8EC1F08931A7A10706EF
Requests: 9 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: A3FEBB458F51353DA8150A7B123E2B2D
Requests: 2 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: 30895299A20DFC19D025B0FA1C6DEC48
Requests: 2 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: 5B5EE8E66C15BA7CC30F94D2EE563B0D
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Frame ID: 001D8E92A3E3C5FAD1D297119F88D509
Requests: 2 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: 515739E01DB9FDADC58B45EFF196D2C1
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DE4F45BC64774F89CA6D8B22A49AB4A3
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: F1B2D3B1BD8B7A2A4085A9000B64251D
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F52E4C9540246E413B403D0A60379111
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Frame ID: 05FB6344CB5DB5A06D8BDF7B2A6F6792
Requests: 10 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: 2BEEB055311CF331AFB11D30209107F5
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Frame ID: 04AF4CC6745B13B880DFB45B716FD3DD
Requests: 9 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: CDCAFDF27F311A873EEA39094F663FBA
Requests: 2 HTTP requests in this frame

Frame: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=155495&siteId=631669&adId=2450426&adType=3&adServerId=165&kefact=0.300000&kaxefact=0.300000&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=0&kltstamp=1637997921&indirectAdId=2210501&adServerOptimizerId=1&ranreq=0.9368814030214252&kpbmtpfact=0.000000&dcId=3&tldId=0&passback=30&svr=ADS23006U&adsver=_3010998657&adsabzcid=0&cls=ADS&ekefact=Yd2hYUggAACNyytngEri7XpvxHJtH9rbD5MXroKzpC970XMA&ekaxefact=Yd2hYV8gAAB72bd9-js17869Mes9uXhaERp8fiIlzGCNsXA_&ekpbmtpfact=Yd2hYXQgAABgUCcRi_g82k6eNIsrErv2qiUcI5dVrksqg8uw&enpp=Yd2hYYggAAAeFed0hLgDM02U7In7ysUD5AhxI_BNA4m79oHX&pfi=1&dc=lhr19&crID=0&campaignId=0&isRTB=0&imprId=98744631-EC67-44C9-B2BE-AEE6E1427674&oid=98744631-EC67-44C9-B2BE-AEE6E1427674&cntryId=167&domain=buhgalter911.com&sec=1&pmc=0&pAuSt=2&wops=0&sURL=buhgalter911.com&BrID=5
Frame ID: 9F2DDD2331E768D981D017A2B5C07941
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Frame ID: 2785A3112AD686C7FD2CA996FA51A3F8
Requests: 2 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: A6C82313D3C239A11852D72B50ABE2DB
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html
Frame ID: 840BB676429E5C35548EC897C4EDD12B
Requests: 11 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 01F502972C7764DF3CDA3CC6F115241B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: AD808F0765AE64A990ACD781B9913E34
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: 3AA2C41718FC0ABF91B9F30DD76C863A
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Frame ID: 0049AACB1012170E59452CF35A5CE976
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Frame ID: EF25B0C3B403C6647EB536532B663D73
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Frame ID: 139580E3EDBBFDA348199E2C9A9928A4
Requests: 9 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=1119064
Frame ID: C1522E6153F17DB98564AD7C0DBC1B90
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=1119064
Frame ID: A1538C23842BD13AB2F64593541A7E0C
Requests: 3 HTTP requests in this frame

Frame: https://projectagoralibs.com/libs/pa_backupads_lib.js
Frame ID: EB84DA3A1D66CEBD97959F761A1B2809
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 43E35FAE085EDA271599EBAF62988D06
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
Frame ID: BCBE81434E0C6627CA431844673A0356
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Frame ID: 89C389CC470DF2509600A32C04C271FC
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Frame ID: E4BF6381615C69E2BAE56A609601986D
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 1FEC448C659B43CE64D0EB86797560C4
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Frame ID: 35E8DC3124D9345C9EFC2EE8BDB8986B
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Frame ID: D14C10503EBDE0399F3758167A720A9B
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 74F970E175FBB553D3ECE5F66E293BF2
Requests: 1 HTTP requests in this frame

Frame: https://ads.betweendigital.com/sspmatch-iframe
Frame ID: 59D5A5C86048672147F8F398D55582A4
Requests: 5 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 69FB4D537FDCF826B0657A721D38E6EB
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: BA38D077B81D41297A1C490AFEF317EE
Requests: 10 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 44192C11859A3F313E6EE9E0D7E5BFE3
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1637997920498
Frame ID: 2DBFE6F1B18A5F856CDC17CE63B2F98E
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 0493B7E32B0DA0E6519243E6168183B4
Requests: 10 HTTP requests in this frame

Frame: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5&CACHEBUSTER=130266
Frame ID: 4C6D55926EB8892285B342E3FF9DC1E4
Requests: 7 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Frame ID: E239A53657DBE2034F1590206DC3AD1B
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Frame ID: C80E5E57CB861C3ABEFD2D657D234CDE
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Frame ID: BC8E8095E7C49F7F73160753AA8D641D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Бухгалтер 911 - Сайт для бухгалтеров, аудиторов, налоговых консультантов в Украине

Page URL History Show full URLs

  1. http://buhgalter911.com/ HTTP 301
    https://buhgalter911.com/ Page URL

Page Statistics

800
Requests

89 %
HTTPS

32 %
IPv6

116
Domains

200
Subdomains

147
IPs

14
Countries

7537 kB
Transfer

22358 kB
Size

134
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://buhgalter911.com/ HTTP 301
    https://buhgalter911.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60
  • https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D HTTP 307
  • https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=a33c07a5-2bc4-4040-82d7-a80596d12e56
Request Chain 77
  • https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A2%3Adp%3A0%3Als%3A487371354690%3Ahid%3A68511116%3Az%3A0%3Ai%3A20211127072516%3Aet%3A1637997917%3Ac%3A1%3Arn%3A935701626%3Arqn%3A1%3Au%3A163799791715291278%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1637997915984%3Ads%3A0%2C31%2C314%2C13%2C36%2C0%2C%2C384%2C10%2C%2C%2C%2C767%3Adsn%3A0%2C30%2C314%2C13%2C36%2C0%2C%2C373%2C10%2C%2C%2C%2C767%3Awv%3A2%3Aco%3A0%3Ast%3A1637997917&t=gdpr(14)ti(2) HTTP 302
  • https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A2%3Adp%3A0%3Als%3A487371354690%3Ahid%3A68511116%3Az%3A0%3Ai%3A20211127072516%3Aet%3A1637997917%3Ac%3A1%3Arn%3A935701626%3Arqn%3A1%3Au%3A163799791715291278%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1637997915984%3Ads%3A0%2C31%2C314%2C13%2C36%2C0%2C%2C384%2C10%2C%2C%2C%2C767%3Adsn%3A0%2C30%2C314%2C13%2C36%2C0%2C%2C373%2C10%2C%2C%2C%2C767%3Awv%3A2%3Aco%3A0%3Ast%3A1637997917&t=gdpr%2814%29ti%282%29
Request Chain 78
  • https://mc.yandex.ru/watch/23783032?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A1%3Adp%3A0%3Als%3A1264831617969%3Ahid%3A68511116%3Az%3A0%3Ai%3A20211127072516%3Aet%3A1637997917%3Ac%3A1%3Arn%3A40472431%3Arqn%3A1%3Au%3A163799791715291278%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1637997915984%3Ads%3A0%2C31%2C314%2C13%2C36%2C0%2C%2C384%2C10%2C%2C%2C%2C767%3Adsn%3A0%2C30%2C314%2C13%2C36%2C0%2C%2C373%2C10%2C%2C%2C%2C767%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1637997917%3At%3A%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&t=gdpr(14)ti(2) HTTP 302
  • https://mc.yandex.ru/watch/23783032/1?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A1%3Adp%3A0%3Als%3A1264831617969%3Ahid%3A68511116%3Az%3A0%3Ai%3A20211127072516%3Aet%3A1637997917%3Ac%3A1%3Arn%3A40472431%3Arqn%3A1%3Au%3A163799791715291278%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1637997915984%3Ads%3A0%2C31%2C314%2C13%2C36%2C0%2C%2C384%2C10%2C%2C%2C%2C767%3Adsn%3A0%2C30%2C314%2C13%2C36%2C0%2C%2C373%2C10%2C%2C%2C%2C767%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1637997917%3At%3A%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&t=gdpr%2814%29ti%282%29
Request Chain 116
  • https://pbjs.e-planning.net/pbjs/1/2e43c/1/buhgalter911.com/ROS?rnd=0.3092473984396926&e=728x90_0%3A728x90%2C970x90%2C1x1%2B160x600_0%3A160x600%2C1x1%2C200x400%2C240x400%2C240x600%2C240x500%2B160x600_1%3A160x600%2C1x1%2C200x400%2C240x400%2C240x500%2C240x600&ur=https%3A%2F%2Fbuhgalter911.com%2F&pbv=5.20.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter911.com%2F&e_pubcid=6078ca1e-356b-4e95-bceb-b89a8a51d799 HTTP 302
  • https://pbjs.e-planning.net/hb/1/2e43c/1/buhgalter911.com/ROS?ct=1&r=pbjs&rnd=0.3092473984396926&e=728x90_0%3A728x90%2C970x90%2C1x1%2B160x600_0%3A160x600%2C1x1%2C200x400%2C240x400%2C240x600%2C240x500%2B160x600_1%3A160x600%2C1x1%2C200x400%2C240x400%2C240x500%2C240x600&ur=https%3A%2F%2Fbuhgalter911.com%2F&pbv=5.20.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter911.com%2F&e_pubcid=6078ca1e-356b-4e95-bceb-b89a8a51d799
Request Chain 123
  • https://mc.webvisor.org/sync_cookie_image_check?t=ti(4) HTTP 302
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9470.si39KFy5uL0FplTk3ikDLboJPkCacRPgffshn_4mvMe34zFFxF6LCwzyldSFKL3t.H6MJnL131a66FJAzAXs5atjS9dQ%2C HTTP 302
  • https://mc.webvisor.org/sync_cookie_image_decide?token=9470.__6JEIjSPY7w2MJkPWOidLadl_2zMoYpvWZmq-vgFlO_DliRd9-gA6a3lcgh7xcbZEZNbMfoTVTrCpe5o81FW1xZGtyhSJMk9PsvAZp_hKg%2C.QPKXNXNj4z2jdwO2f5DkOzyBuns%2C
Request Chain 254
  • https://ww1097.smartadserver.com/config.js?nwid=1097 HTTP 302
  • https://ced-ns.sascdn.com/diff/js/smart.js
Request Chain 264
  • https://id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent= HTTP 302
  • https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=
Request Chain 292
  • https://adx.adform.net/adx/?rp=3&bWlkPTczMzU5OSZybmQ9NXJnNjkxcG41bjNjdzUxZGdkcWc&url=https%3A%2F%2Fbuhgalter911.com&callback=_adform_cb_1637997920292_4277914397642195 HTTP 302
  • https://adx.adform.net/adx/?CC=1&rp=3&bWlkPTczMzU5OSZybmQ9NXJnNjkxcG41bjNjdzUxZGdkcWc&url=https%3A%2F%2Fbuhgalter911.com&callback=_adform_cb_1637997920292_4277914397642195
Request Chain 321
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&zdid=1258 HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEBO3dBQUstarXGnpiu5X_5c&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&zdid=1258
Request Chain 333
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=runwaff.com&sn=ChromeSyncframe&so=0&topUrl=buhgalter911.com&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=HWfchnw2bnpsejVmWFFVZDUzTzE5WEZjak1hTGE1UEd2a3JIdHphbHFBM3Z0R216N25xQ3JNanc1NHpkQi9aemMxZXR2T0ZMbm9jRUtHdWlzKzVBbXV3ZUNjQnkwTmZ2L0xBZmRzMGVkckp6SzhGTXB4SlFvL3J3VkdNTkROdzVlOHR2RGNCRGU3eld4L0Y2UXFlcHg3S3Z0UExnYlhGU0JqelNZd01ic3dmbFM0ZFhMbzRCNGVHb0M0NWxVeVpRblhWZmxrT0wzYjRkN3VlRFFXcEUwT2FvVUUwU0MwM0hBMWgvM1k5amh6RWx3enB4dWVSS25pem1HR01qeUZqQXZLM0hDZXY0aG1EQ1pWYUhENmJxTmYvSmxCQW1PSTYvTHpYTDd2MDkvMUoxdjBsZz18&cppv=2
Request Chain 376
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dface160a-a46e-4d75-a385-19d08b0d37e2 HTTP 302
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&fid=face160a-a46e-4d75-a385-19d08b0d37e2
Request Chain 377
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=face160a-a46e-4d75-a385-19d08b0d37e2 HTTP 302
  • https://s.cpx.to/ca.png?dsp=dbm&fid=face160a-a46e-4d75-a385-19d08b0d37e2&google_gid=CAESELne4LTOyZYzD_y11z9rquE&google_cver=1
Request Chain 378
  • https://token.rubiconproject.com/token?pid=34010&puid=7238739462d2b08c&gdpr=0 HTTP 302
  • https://s.cpx.to/sync?dsp=rubicon&dsp_uid=KWHHO1UB-X-G6J7&customParamenters={p:customParamenters}&gdpr=0
Request Chain 379
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3Dface160a-a46e-4d75-a385-19d08b0d37e2&gdpr=0 HTTP 302
  • https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=face160a-a46e-4d75-a385-19d08b0d37e2&gdpr=0&cklb=1
Request Chain 380
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12762%26ref%3Dhttps%253A%252F%252Fbuhgalter911.com%252F%26hn_ver%3D20%26fid%3Dface160a-a46e-4d75-a385-19d08b0d37e2%26dsp%3Dpub_common%26dsp_uid%3Dc64d6732-2c5f-4aa1-bd00-c184da9069b3 HTTP 302
  • https://s.cpx.to/an_fire?app_nexus_uid=6458645844671079244&pid=12762&ref=https%3A%2F%2Fbuhgalter911.com%2F&hn_ver=20&fid=face160a-a46e-4d75-a385-19d08b0d37e2&dsp=pub_common&dsp_uid=c64d6732-2c5f-4aa1-bd00-c184da9069b3
Request Chain 381
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1 HTTP 302
  • https://s.cpx.to/sync?dsp_uid=0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1&dsp=TTD
Request Chain 398
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8855741626325625944
Request Chain 399
  • https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Request Chain 400
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7035147497331357850
Request Chain 401
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YaHdYAAHnHYSWQAz HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YaHdYAAHnHYSWQAz&gdpr=0&gdpr_consent=&_test=YaHdYAAHnHYSWQAz
Request Chain 402
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDYTZVN0RRN3NBQUNvdWFOU09SZw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Request Chain 403
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Request Chain 404
  • https://green.erne.co/pubmatic/cm HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=i7BbsPkJiLKUzbjpbOBrX4s9
Request Chain 410
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 411
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6QjBLp39RY-qm1yU7dqd9g%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 412
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=9f1a61a1-dd60-4800-a0e8-eba924af4396
Request Chain 414
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTkwOEMxMkUtOURGRC00NThGLUFBOUItNUM5NEVEREE5REY2&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 415
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC19fhKPU3B9XrGd08BqdoA&google_cver=1
Request Chain 417
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:19ba61a1-dd60-4000-a897-fd4ee56d5aba&gdpr=0&gdpr_consent=
Request Chain 418
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=224729157169359204
Request Chain 419
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1
Request Chain 420
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6458645844671079244&gdpr=0&gdpr_consent=
Request Chain 421
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=dkyIhyQZ34ZtRN-Ed0_Ej3NE34NtHIjSeEkETKGC
Request Chain 423
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-QLZNC01E2uU_Y5LQZ5NNPvN7hXQ5YaI-~A&gdpr=0&gdpr_consent=
Request Chain 424
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=f4c21355-b1f4-46d1-a732-a503bb51c5a8
Request Chain 425
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3013638483369036960&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 427
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Request Chain 428
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:66003f51-23b5-4dec-b7dd-744de62c316d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Request Chain 429
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6458645844671079244
Request Chain 472
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ0aKBx3RLaT-PsDDjrbUxI&google_cver=1
Request Chain 473
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaHdYTD9tT3o9naxhQZTEgAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ0aKBx3RLaT-PsDDjrbUxI&google_cver=1
Request Chain 474
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESELT7-6pwm7_R2E0KwIHMCyE&google_cver=1
Request Chain 475
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ1ODY0NTg0NDY3MTA3OTI0NA%3D%3D
Request Chain 513
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/5-5jQ4dA754liaWnHPx63w?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5606672386949604279
Request Chain 518
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEOiNTdOpjigiaIPTWtJ4p_s&google_cver=1
Request Chain 519
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=9f1a61a1-dd60-4800-a0e8-eba924af4396&expires=28
Request Chain 586
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YaHdYAAHnHYSWQAz
Request Chain 587
  • https://pixel.rubiconproject.com/token?pid=27384 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=rubicon&partner_uid=KWHHO1UB-X-G6J7
Request Chain 588
  • https://pixel-a.sitescout.com/dmp/pixelSync?nid=1 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7430&nid=2238&put=no-consent&expires=360&gdpr=1&gdpr_consent=
Request Chain 589
  • https://i.w55c.net/ping_match.gif?ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30 HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=CJmHPDFI1MQS5j5&expires=30
Request Chain 590
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=2e5b54d5-4f53-11ec-b930-65692a6201a5&expires=30
Request Chain 591
  • https://um.simpli.fi/rb_match HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=4B7E93DD677B47ACAB218B72935F22E9&expires=365
Request Chain 592
  • https://ad.turn.com/r/cs?pid=6 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=3013638483369036960&expires=60&gdpr=&gdpr_consent=
Request Chain 593
  • https://c1.adform.net/serving/cookie/match?party=1164 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=14240&nid=2676&put=224729157169359204
Request Chain 594
  • https://fw.adsafeprotected.com/rfw/bgd/867523/58678884/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohOR8F5K7gsfCEt2oal6h3CvxzoJ07WKCEd5bhFMd1iTbZpsAf8GmeoU8U1zr7_cY3vG6VTgDFSBB6udZad6ba76fFGtUzfdPBkR0wNEvkSAKAmf-D8RTfCHlJUkSV4brvElraw5_m-njw9UcmBZkW6vEvQSUz6Ta8OqEO-YYNIdfeRzsPx-i0A6BiitJBpwqFGDei_cn_OrjiLN4EIcAmtvv6t09w4HBGgB4opKRu3MhNC0DFuk07luKZrblUG_VE8NzDI8hSQmgnCH4Fjh2Yc9DKGIEP10Tqr44McGgMIYrVPAepcA24g7Ao8gLjwJbs5Rv5VK_Vw3dnvlnTSzuSvI8JWCVpb2ICJgmG2mKCeNm8H8hVN9GvfcC329lBB_tTGWNYFHd5_jkyIiKMRjm_cX2MM3XOdi5VUgpDRlz5DPpv8WKH3GlW5izjKck2gEn9bZbl80tAxutLxUxVd1NDg0FThLKVm4ZtWBUaS3LNbuBm33rfnHZwXfSLvto2dMzB54dgcA_AB-TEVoJhh6z4dp28PFo0OsNPK7dgt84R17TdfkyX8C2Cq3VmAKx90wWlcrQGMqNVkQSLhTJ6VOqyOMq0nJQXpaZ2cYOvp6iJraadLYaMe3fGToQrjHCGIglBhvy48fkIgZoSiSGgoKY52ekA8oBMbvdfogSO8GoGEju4wsBPHA20O6WXeYRAhbRY8YUn6vr9SmzZjckemkK-rRsk-gYS70QtrikU9VE3_BRMYEyB4krdkVpIjXmNkdupn03yC6eHJQjyzZvPigYZQasZT9LkfMGGWGXIky11oOXlMrHuqu7X2SJ2BNsEwYC3lH3oBiWpgvEoJAJr6wEyKeoHf7Sfa_00JKCMOFK7O-o5yAzy_JasLi8qIkQhLuN63aa5vs_ldIlALCES6AVIj7u-OcoUCB6nJ-mAq1HuLQCSVg9-PYwt6yibcTYl66J-YvdiMJLDrcQ4M9-Oj9WoCU48AaWxOdS3f0YNsMg-6Ryzh5Cf-u1SaOZQ8J1Z3EJGzjpUYvinxDMjjIRwvqGQF7DBjwN8iby6efcEouNksCH2oh5lD6DGEhTNj-LoUxxQA2QIyUcc6329LKhTE1BnVqc8d7ND3dt5PUAYXt3dJHcNGcZEWnz_f5RjN_EbvwC6HXSVRTFHzNMyAl3iDC6OaSmtnIml_yiADd81ul8kepxhG-yN-z1zUMlgonwDQnp_DHbWXMO0xEKMZ85ZnEX3MKvVbEK4ESoRDLSVnzFUZpsxO2vQHQOQ0W6J9vF_wxXAuooCdDXiXmIvVHLJukm9Uz6J2Q3V0ixXw2vMbxjKdJo1iuKpEx40keJynfIJ-ODFvpoUvXiLqLz2d1smxfQJ7SEFuLYWkkKkuzMoOXJbp6TZexzOUXL8mVx96hC72V0vpiJHY2AF3OkXoHXtDGgEgRUZC86aKTOeRwTteBODdCmty0Y1zZlZ-qyajWVGkvSl1wxMOdph6Gtytj1RK6qWEiFvw2b94R1I1e6G9ogelR4oQs4B4RMd324LHc1T_4iE-d_SgFPJv-6Bxd_OaAAb4czjPTPbrO4y7qZSEuq2WWSRf_smGRG6UmxhwRs4zAIpx7S7p2iVqfmhfCT_wXg_mZOn5PrEfaoGP0wqT0dJsh3deYt-xQlU1nu1Y0m8jpsDssvu9ezZVBmOtkvbAc-UcqW3GrtevhC1Q6ZlnXdsXRjI6ojbbc8FlqMtbUJyvDpBFxJjkHVm2r4eVEGV1Vv8UGEUPqHgdWU8oNcli_3isVxf5-jMh8pmgN9C1u5vbKOFhFxvvHZKi_XyStfg_xJL4gDktmr51fXHe1FSMne5EOrgAYS-lb7zSAZGW4vsnrE73Csb7RNGc4mAhXmjvVrCCCi0J7kLAuw2gPkCmJFJJ4xjaL9F_NuCWCrnu-3r4AkyZJqWHr5rZEOz4Ub1Sj6ccStkUBLZ3DMlgsB2mTFsN5ik_NYLfShYISFcFwtWUdJVEcylQWUw4IE_udWNEGDhsmvnu7ui2S0n9O1V9tY8lbhcqYHVkD39JXt3_GKZoFBCvKuLKmEkhZjLH5cpgQm5kNCyq14RnHEUxgWgZxUFkqPTFkYnZ3TkvzFTDjZkg4Bn4mPCUf8GD8dPsxytq7p_DcJX9v3O5TobpR6QXe2bc8h_jRgELraAPCtoNVxS8fGbtwhz9akgwvDMuNmMLhLo3bvWoCIV_4DT2yx4rGVsLmFQ3TtpbXAmChU57jZv5s4j45RxR4AAyeU8-RvxZH5BFkuU8xpsypX119cBYNSX_syRZlx-zzmhiVyUU0H-_uKvt-7XcHWZwtJHUaiWd6vME926k28eFDcnO1sOGaCiUdHjpzpueHcdz2zDf2X7-pZc-pgF5Fjt7q8xmdQ94ilewkBJGgf68gt866RP2ELau4LwjE-u9rDNSMlgymYkFY0amRyQamI2Y13DTT43HG8bedqVIS6TEVRM4HDQNWLxXHNCljiJ3IFRgZWbhqhO_BE66btBwtKOGIpMNPZaeomGgG_vCCD_lhj77ugMDEaKgSwZaNceY6uX5LwjXeAymyEioWSciHS-ilFkeXAVtejEgvbYW1Nar5cV8V1eGc-CG2zUePJtuQtK-NKoRfCYsCAxsq9gGylmzNIsjKjSidfzVAemfIuePIu86zoBZjJdhTBjx3TqT3eitYngVg2CNYCdC_acEim1izZmwOqYKKOjxVTFpVMBgIRrUrSAinji8f1H0rFrM4PcUgOfH2C1Wr3YdmaJzrzS4_oFMLZdzrrEfyg-juCMscxswYsD0iXCRaXRQAd4gN0zUSDhnSyEkOPtGS9n-qMungDkU2faTiKvqdW8IN_j8Ecs567bM8rAFxTgADLScUgb6koGkrMFU8Fw13rXRqAMAiQ3fhvh3GuQxvF1Xh4IKWp8ZgUfJKgCmUcuM3pdGqFfi_0jSp0eQLVSxqcB2WA4TPYuhFpK-abjJKUrWjkQkk9a-QwHxrPjlZZm953NMASeVJQmvekmiV7zBNFrqeo_CmBm_eRFcK3h6XAdsNgJbHSc-3WWA0Be6rL2M-JIOpaOcFuffP67UrNTjbxueYPkFrSY4Re_wjZd6o9QrGZsTwBvZkk6Y_du542jh2XV0wUULdidf8D9VkTlZTZyoiijk3AZ0_MzmdsAD18Hw2HCQjI-Is-qXvYtVNZ452HReRgRz48yEJ-N5ya27lnnMbCDjU9wrbVN-SvGfsdFAteJBF4dEkvHcoYJo5Lg9CACVot2IYExZSM34Ok2k00MhmkC3gKnsOkN0fsijr0yWpJtE5dCVzKtLrRjjAfqSWrnG41tDJEBOMyP2jBZ_x5J1-K8LbRoWCAASEuRoBNblnOiFnE199aJ4zOpeP2AB&adsafe_url=https%3A%2F%2Fbuhgalter911.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fbuhgalter911.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Ff494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D2&adsafe_type=bd&adsafe_jsinfo=,id:604a6246-d4f1-b993-9424-7a51c4659ca3,c:v9nzd3,sl:outOfView,em:true,fr:false,thd:1,mn:app07or,rg:or,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:3,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:24,oid:2dd44a6c-4f53-11ec-ae01-067641d02172,v:19.8.270,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohOR8F5K7gsfCEt2oal6h3CvxzoJ07WKCEd5bhFMd1iTbZpsAf8GmeoU8U1zr7_cY3vG6VTgDFSBB6udZad6ba76fFGtUzfdPBkR0wNEvkSAKAmf-D8RTfCHlJUkSV4brvElraw5_m-njw9UcmBZkW6vEvQSUz6Ta8OqEO-YYNIdfeRzsPx-i0A6BiitJBpwqFGDei_cn_OrjiLN4EIcAmtvv6t09w4HBGgB4opKRu3MhNC0DFuk07luKZrblUG_VE8NzDI8hSQmgnCH4Fjh2Yc9DKGIEP10Tqr44McGgMIYrVPAepcA24g7Ao8gLjwJbs5Rv5VK_Vw3dnvlnTSzuSvI8JWCVpb2ICJgmG2mKCeNm8H8hVN9GvfcC329lBB_tTGWNYFHd5_jkyIiKMRjm_cX2MM3XOdi5VUgpDRlz5DPpv8WKH3GlW5izjKck2gEn9bZbl80tAxutLxUxVd1NDg0FThLKVm4ZtWBUaS3LNbuBm33rfnHZwXfSLvto2dMzB54dgcA_AB-TEVoJhh6z4dp28PFo0OsNPK7dgt84R17TdfkyX8C2Cq3VmAKx90wWlcrQGMqNVkQSLhTJ6VOqyOMq0nJQXpaZ2cYOvp6iJraadLYaMe3fGToQrjHCGIglBhvy48fkIgZoSiSGgoKY52ekA8oBMbvdfogSO8GoGEju4wsBPHA20O6WXeYRAhbRY8YUn6vr9SmzZjckemkK-rRsk-gYS70QtrikU9VE3_BRMYEyB4krdkVpIjXmNkdupn03yC6eHJQjyzZvPigYZQasZT9LkfMGGWGXIky11oOXlMrHuqu7X2SJ2BNsEwYC3lH3oBiWpgvEoJAJr6wEyKeoHf7Sfa_00JKCMOFK7O-o5yAzy_JasLi8qIkQhLuN63aa5vs_ldIlALCES6AVIj7u-OcoUCB6nJ-mAq1HuLQCSVg9-PYwt6yibcTYl66J-YvdiMJLDrcQ4M9-Oj9WoCU48AaWxOdS3f0YNsMg-6Ryzh5Cf-u1SaOZQ8J1Z3EJGzjpUYvinxDMjjIRwvqGQF7DBjwN8iby6efcEouNksCH2oh5lD6DGEhTNj-LoUxxQA2QIyUcc6329LKhTE1BnVqc8d7ND3dt5PUAYXt3dJHcNGcZEWnz_f5RjN_EbvwC6HXSVRTFHzNMyAl3iDC6OaSmtnIml_yiADd81ul8kepxhG-yN-z1zUMlgonwDQnp_DHbWXMO0xEKMZ85ZnEX3MKvVbEK4ESoRDLSVnzFUZpsxO2vQHQOQ0W6J9vF_wxXAuooCdDXiXmIvVHLJukm9Uz6J2Q3V0ixXw2vMbxjKdJo1iuKpEx40keJynfIJ-ODFvpoUvXiLqLz2d1smxfQJ7SEFuLYWkkKkuzMoOXJbp6TZexzOUXL8mVx96hC72V0vpiJHY2AF3OkXoHXtDGgEgRUZC86aKTOeRwTteBODdCmty0Y1zZlZ-qyajWVGkvSl1wxMOdph6Gtytj1RK6qWEiFvw2b94R1I1e6G9ogelR4oQs4B4RMd324LHc1T_4iE-d_SgFPJv-6Bxd_OaAAb4czjPTPbrO4y7qZSEuq2WWSRf_smGRG6UmxhwRs4zAIpx7S7p2iVqfmhfCT_wXg_mZOn5PrEfaoGP0wqT0dJsh3deYt-xQlU1nu1Y0m8jpsDssvu9ezZVBmOtkvbAc-UcqW3GrtevhC1Q6ZlnXdsXRjI6ojbbc8FlqMtbUJyvDpBFxJjkHVm2r4eVEGV1Vv8UGEUPqHgdWU8oNcli_3isVxf5-jMh8pmgN9C1u5vbKOFhFxvvHZKi_XyStfg_xJL4gDktmr51fXHe1FSMne5EOrgAYS-lb7zSAZGW4vsnrE73Csb7RNGc4mAhXmjvVrCCCi0J7kLAuw2gPkCmJFJJ4xjaL9F_NuCWCrnu-3r4AkyZJqWHr5rZEOz4Ub1Sj6ccStkUBLZ3DMlgsB2mTFsN5ik_NYLfShYISFcFwtWUdJVEcylQWUw4IE_udWNEGDhsmvnu7ui2S0n9O1V9tY8lbhcqYHVkD39JXt3_GKZoFBCvKuLKmEkhZjLH5cpgQm5kNCyq14RnHEUxgWgZxUFkqPTFkYnZ3TkvzFTDjZkg4Bn4mPCUf8GD8dPsxytq7p_DcJX9v3O5TobpR6QXe2bc8h_jRgELraAPCtoNVxS8fGbtwhz9akgwvDMuNmMLhLo3bvWoCIV_4DT2yx4rGVsLmFQ3TtpbXAmChU57jZv5s4j45RxR4AAyeU8-RvxZH5BFkuU8xpsypX119cBYNSX_syRZlx-zzmhiVyUU0H-_uKvt-7XcHWZwtJHUaiWd6vME926k28eFDcnO1sOGaCiUdHjpzpueHcdz2zDf2X7-pZc-pgF5Fjt7q8xmdQ94ilewkBJGgf68gt866RP2ELau4LwjE-u9rDNSMlgymYkFY0amRyQamI2Y13DTT43HG8bedqVIS6TEVRM4HDQNWLxXHNCljiJ3IFRgZWbhqhO_BE66btBwtKOGIpMNPZaeomGgG_vCCD_lhj77ugMDEaKgSwZaNceY6uX5LwjXeAymyEioWSciHS-ilFkeXAVtejEgvbYW1Nar5cV8V1eGc-CG2zUePJtuQtK-NKoRfCYsCAxsq9gGylmzNIsjKjSidfzVAemfIuePIu86zoBZjJdhTBjx3TqT3eitYngVg2CNYCdC_acEim1izZmwOqYKKOjxVTFpVMBgIRrUrSAinji8f1H0rFrM4PcUgOfH2C1Wr3YdmaJzrzS4_oFMLZdzrrEfyg-juCMscxswYsD0iXCRaXRQAd4gN0zUSDhnSyEkOPtGS9n-qMungDkU2faTiKvqdW8IN_j8Ecs567bM8rAFxTgADLScUgb6koGkrMFU8Fw13rXRqAMAiQ3fhvh3GuQxvF1Xh4IKWp8ZgUfJKgCmUcuM3pdGqFfi_0jSp0eQLVSxqcB2WA4TPYuhFpK-abjJKUrWjkQkk9a-QwHxrPjlZZm953NMASeVJQmvekmiV7zBNFrqeo_CmBm_eRFcK3h6XAdsNgJbHSc-3WWA0Be6rL2M-JIOpaOcFuffP67UrNTjbxueYPkFrSY4Re_wjZd6o9QrGZsTwBvZkk6Y_du542jh2XV0wUULdidf8D9VkTlZTZyoiijk3AZ0_MzmdsAD18Hw2HCQjI-Is-qXvYtVNZ452HReRgRz48yEJ-N5ya27lnnMbCDjU9wrbVN-SvGfsdFAteJBF4dEkvHcoYJo5Lg9CACVot2IYExZSM34Ok2k00MhmkC3gKnsOkN0fsijr0yWpJtE5dCVzKtLrRjjAfqSWrnG41tDJEBOMyP2jBZ_x5J1-K8LbRoWCAASEuRoBNblnOiFnE199aJ4zOpeP2AB
Request Chain 613
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter911.com%2F&domain=buhgalter911.com&cw=1&pbt=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=_iaEWHxrRU9pT2R5QWQxemdrcWVXNElISURlR05xSFlhQVNxQVdNNGhaSEdWYWVuRGFJdEpRQk5pZCt0Y3kxSG5GUFFVbjg1NDVTRkdpOHpBVEo4anFoYkVSNkxUTlVDc1I0dTNSM2EwZmljNGRyd0dUd25jcHp6NXZGeEl2UTNzMGZoandxVE00OXY2bExGVU9WV3NwcDRxdHRyMmVHWWZxNkcxZi9KV2FqK0c1RDFQSWVjTkFpVzc5dkpYQXpicGg5T2FITE5LL2Rpb1ZhNTU4K25nMkRiNC9vT0ZuZkx1UXBpNkg3bHdMODluNXUrOWZsMEJCRzVkUEhCaEdxMTU5VHd5cFRaWXdzK3dieTErMkdUWFFMK0VBQT09fA&cppv=2
Request Chain 655
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 687
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHudH0mCeGwSw1-WHRTkkVE&google_cver=1&google_push=AYg5qPJeNq-Aep0pZmazATsRqUqPc1AMVLKIQpjLZwpnVaSdgi7pr46r_rmbWK5hS1OFb2sD6lcKFj7pmLyJN63oqfLM4xSEGeE HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=nxphod1gSACg6OupJK9Dlg&google_push=AYg5qPJeNq-Aep0pZmazATsRqUqPc1AMVLKIQpjLZwpnVaSdgi7pr46r_rmbWK5hS1OFb2sD6lcKFj7pmLyJN63oqfLM4xSEGeE
Request Chain 688
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEPJoHcPs3UDyg0eghb2aV5w&google_cver=1&google_push=AYg5qPImseaEqhjk3nL7g-7R5cT1MukgnxJDBoiIXDHiEQKRaGc-xAFBp64dXkR7DIgv8J0z8D3Hc9T3wPrQTxvtQiOTDYmz9bo HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWFIZFlBQUhuSFlTV1FBeg==&google_gid=CAESEPJoHcPs3UDyg0eghb2aV5w&google_cver=1&google_push=AYg5qPImseaEqhjk3nL7g-7R5cT1MukgnxJDBoiIXDHiEQKRaGc-xAFBp64dXkR7DIgv8J0z8D3Hc9T3wPrQTxvtQiOTDYmz9bo
Request Chain 690
  • https://ads.travelaudience.com/google_pixel?google_gid=CAESEIbjEl7jTDBNJrHhAR8z-P0&google_cver=1&google_push=AYg5qPK_ehlPhGxjcQG1LExZ8stC2Vw2kFtH0OyHfUBfqDPUEfw5Lv6bUpjA76euBZ6JmQE4t-f1zAr0yWv-J1Ujx2H1UCPjwlc HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Xmp37L_HQxCeAQkg9ElGcg2&google_push=AYg5qPK_ehlPhGxjcQG1LExZ8stC2Vw2kFtH0OyHfUBfqDPUEfw5Lv6bUpjA76euBZ6JmQE4t-f1zAr0yWv-J1Ujx2H1UCPjwlc
Request Chain 691
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBaXnaX2x_EKslXoyjkVdYo&google_cver=1&google_push=AYg5qPLFgM07HF5gzrCh4FLrJaLqWbHWEHRmqVTtFdFqUI8gdSPN9SFq8wKAw1AmEkvOD_UHGfhu2bpksmVKLUL5-47PE4IO2g HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLFgM07HF5gzrCh4FLrJaLqWbHWEHRmqVTtFdFqUI8gdSPN9SFq8wKAw1AmEkvOD_UHGfhu2bpksmVKLUL5-47PE4IO2g&google_hm=NTYwNjY3MjM4Njk0OTYwNDI3OQ%3D%3D
Request Chain 692
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJ0Wre4T05q6Ds6JXE53BrA&google_cver=1&google_push=AYg5qPIVkuZGbg3-Q2iW8xbRUawmNTIu9_vrxcGXjHZSU4lDJ5Qa-no1XGPy8ikBwKnAT5HcE90HuvLzM-nxUjm2op4aZWxvMEU HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI0NzI5MTU3MTY5MzU5MjA0&google_push=AYg5qPIVkuZGbg3-Q2iW8xbRUawmNTIu9_vrxcGXjHZSU4lDJ5Qa-no1XGPy8ikBwKnAT5HcE90HuvLzM-nxUjm2op4aZWxvMEU
Request Chain 693
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBKgftdcC_Ag3bXu2gVM0D8&google_cver=1&google_push=AYg5qPL8MFS_wJm6-GV-L-5BBEJvvvWLqoX0Wo_5gmRCc7w964pajVNulMn3pzcmvIU65YnjC7UvQw4ReXBpvZnTZp4iVkYSGdg HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPL8MFS_wJm6-GV-L-5BBEJvvvWLqoX0Wo_5gmRCc7w964pajVNulMn3pzcmvIU65YnjC7UvQw4ReXBpvZnTZp4iVkYSGdg
Request Chain 711
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 746
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=runwaff.com&sn=ChromeSyncframe&so=2&topUrl=buhgalter911.com&bundle=5hDI6F9QUjIlMkJlODB4OWNJZjB0b2tWSWJOeXAzWmVEJTJGOHJWZVAzRGhqQ2oxVllielJWRUxtSjEzRW52bjlOSGN3Q1JtOEtoUGZCbFBLJTJCVERidEMwUG5nZTRqcHc5Tk45M3A5eGN5JTJCVVUxZVdqRHBEVEdBMm9OQWtsNUxkV1FVZjBrNWl2dGVPTTZkSW1mQ2JOZSUyRlBEc3N6Y3BRJTNEJTNE&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=ghJjzXwxaU1hcHF4VDBMSElIMDVJUS92dng2cHZtRVMxcDBTTysrYlRYdmtkU2lTVGJ1a1FnaUJBSzJzaklyRDl2UGJiR1NwQTRXL0xEbXdVSE9iZHVrUDlIK0NQZHp4L3U0a01iWWRPNXVBbmxCODJ5aDFZenZXYXJaT2N4V0JjeSt6N0k4cDl2ZFZIRXloRzVobnM1clBTSVhNME0vSUtlVzFPYmpRdVlSaVVOdEh4OUdCaU1UTXAzbUdoWktXMFRESVRiVXZRdVoySDhaMGVGdkNEY2hxYURpMkY3VmtsTVZid2tRM0ZZeHpxRk92Ujc5dkJ2Z3FubnErM0Q5aHRvVUhPTk1Qd3ZRc1o2ZWNTNEsvR24zQ2NVSFdJOHAydjVNVmE1NDVZR3NVK0dFUT18&cppv=2
Request Chain 751
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter911.com%2F&domain=runwaff.com&cw=1&pbt=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=YrGrL3w0TlZrWE9HNnRWY2xnbG5jSjQxa2tjWkxiU1hoYlN5OXlBQ1VpKzVjQVlxam5TMHVRN2twZFI1VXlmSkIyb3h1bzJVMEFZT1JFcUVJM2pSNGNBeTNad0ljRnVBdjVDQXN4NnBKKzBkSkFCN3lDQ05GM2gvM0tvS3FUbmdLZVI4cE1Ea2xIanVtYk5qYVVBclhETFdYSFFUdWFBR0FTWDNZZWFnSDBTTDR3VG5ZNW9KK3dkNWE2S2hrdXF4OE5QeTNndFd0NTNZbU9YL2I3VmszdDJoelRFU0tETTVkYmFVR0JUeTBhZDRQRXc1RnFnTFZiSFhmQlBVSU5RUVBkOWovMWQwaEthY1czY0tWVzA3N0QrVHVZL25sNnZKZDdJNkRlU3JvZGVXU3Zmdz18&cppv=2
Request Chain 759
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3c01f1a5a54da346%26fi%3Dce294c34bf4c7569%26uid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3c01f1a5a54da346%26fi%3Dce294c34bf4c7569%26uid%3D%24UID&sovrn_retry=true HTTP 307
  • https://u-ams02.e-planning.net/um?dc=3c01f1a5a54da346&fi=ce294c34bf4c7569&uid=0a7af39ef7aba6ceb46ee5e7
Request Chain 760
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=runwaff.com&sn=ChromeSyncframe&so=2&topUrl=buhgalter911.com&bundle=Xv2C5F9QUjIlMkJlODB4OWNJZjB0b2tWSWJOeXRpb084eUVVUURZbzBhQ3hKOUJuVWxJcU5uWUhhNWU2UHpWOVluMXhKRUdGeGxiQVZOQ0Y0amxiVFY4NjZQcnpQUmhUUUtDcW9hcnF2VlU1OG5nVHpZbCUyRmJrU1VPWHBiaW1zWnNNJTJCc1hxJTJGWlJuaCUyQlN3WHBub0Q4THklMkZUVEF4MGclM0QlM0Q&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=IJWXb3xoOFVHaVNQY1FLVnZGWmlkRDZBZUNFZ2t6UEEza2JTVVhDdElWMERhYk9uSWtnWW1HZkZmTUF1YzZ4MFhTa1ZROTB4UGtSa1pTSk9vV1RNUFp2OGROMzBvRVNPNTB4bkhXck1KUzBEYnVmenprbEF1VHl5USsrbnJMV25DTTRlalozU3FrM1hFN3hSQXlRNVl2Y3RkMGYwRWZYL1VGSGFGTlk4c2IwSm1sZlZFTEl0MFZLbkxNTjFHOVhjcHROR0U0czN5Tzg4UXZwVXdjb25tWTdkUmZkSkVkN2dmdys5MEJwL1lWL29oSnFNRDNPcGEyOWpQYUROQ25wQytFK3UxTUpZZ1VmSVdyaE5Md3pJZHpRS2greEYwbFlRMjQ1RTZTNFFpaTliSDVRcz18&cppv=2
Request Chain 767
  • https://x.bidswitch.net/sync?ssp=between HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dbetween%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5&ssp=between&expires=30&user_group=1 HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f4c21355-b1f4-46d1-a732-a503bb51c5a8
Request Chain 768
  • https://px.adhigh.net/p/cm/btw HTTP 302
  • https://px.adhigh.net/p/cm/btw?bounced=1 HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=37&external_user_id=uMPy7V1hYDJY.AikABlF9YEjOaw
Request Chain 769
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.betweendigital.com%2Fmatch%3Fbidder_id%3D114%26external_user_id%3D%24UID HTTP 307
  • https://ads.betweendigital.com/match?bidder_id=114&external_user_id=0a7af39ef7aba6ceb46ee5e7
Request Chain 770
  • https://sync.bumlam.com/?src=bw1&uid=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5 HTTP 302
  • https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABjjuoeNBlIFvp7KygpiJGQ4Y2I2MWYyLTBmZjAtNTE0Yi05YWRjLTc0YjhmYjdkYTllNQ** HTTP 302
  • https://sync3.adsniper.ru/?src=ss1&s_data=CAIQARjjuoeNBlIFvp7KygpiJGQ4Y2I2MWYyLTBmZjAtNTE0Yi05YWRjLTc0YjhmYjdkYTllNaIBEC-Bv-pPUxHspukAJZDIJDc* HTTP 302
  • https://sync.bumlam.com/?src=bw1&s_data=CAIQABjjuoeNBmIkZDhjYjYxZjItMGZmMC01MTRiLTlhZGMtNzRiOGZiN2RhOWU1ogEQL4G_6k9TEeym6QAlkMgkNw** HTTP 302
  • https://sync.bumlam.com/?src=bw1&s_data=CAIQARjjuoeNBmIkZDhjYjYxZjItMGZmMC01MTRiLTlhZGMtNzRiOGZiN2RhOWU1ogEQL4G_6k9TEeym6QAlkMgkNw** HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=18&external_user_id=2f81bfea-4f53-11ec-a6e9-002590c82437
Request Chain 773
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB&dcc=t
Request Chain 775
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEJUhXQFGngoD0BgMoXu8X34&google_cver=1
Request Chain 778
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=CJmHPDFI1MQS5j5&gdpr=1
Request Chain 779
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1638084323&gdpr=1
Request Chain 782
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=runwaff.com&sn=ChromeSyncframe&so=2&topUrl=buhgalter911.com&bundle=WleC619QUjIlMkJlODB4OWNJZjB0b2tWSWJOeXJjQVgwUEJvMG04enlDS1BQYW9oc21BVGo1TmJTaEVCaHloU3YxZWQyTTJCMjQxdXNkUkg2SFlJWVFQQm5HNEpYeWRiRG5XRUZyNVdLaHlPNEtRd1ZQUnl6NHYzVmZNdSUyRmxBYVo5M2dGcnRYWU5tR0FzWmx0RHo3RUZ0NnUwT2JBJTNEJTNE&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=fVR093wvVWpESXJKVVlDMk5yTWY4RkEreDhGRkJsTXJDc2cvU0lCb3FXSkllN1FjQStnSTA4RWl6RXRnZ2J2NmNxbGNlbGxxYmtocThhVnJIUi8wRW10bmtvZkU2Wi9HVTJPaWpzQ1E5enJFejdoUXpOK2tkYzNvdEpMb05ILy9jb05rbDR0YW1LR0RsWFpMOWtXU0dFMzdxaWJwZFgzQzhaUFREVzcwcm1CQ3RUTitLZFZGUUVTa3hLWUhhV0ZqazgxUjJTVHZpZ28zbExYNGxYMEdhVzV1S2hrTDQwS1VFeldXZzNwSjJQM2l3MUJPYjhXWERPSFZLTUtjUUQzbGxtTU9vK0xUM3pwSHJmeFlmRVo1NmFQemR2QjkyNHhEYkV1SlVlMTRESDFjYVZydz18&cppv=2
Request Chain 783
  • https://rbp.mxptint.net/sn.ashx HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R1B342_E732EB44_1E96AA270&expires=60
Request Chain 784
  • https://p.rfihub.com/cm?in=1&pub=64 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5108559721741485486&expires=30
Request Chain 785
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=1053074&nid=2179&put=Dgss8YzKTXyy921BJs-auw&next=https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id= HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT
Request Chain 786
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=1053074&nid=2179&put=GeTAoQc8TTOqYm6zseaBmA&next=https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT
Request Chain 788
  • https://token.rubiconproject.com/token?pid=2046&pt=n&a=1 HTTP 302
  • https://rubicon-match.dotomi.com/match/bounce/current?networkId=12783&version=1&nuid=aVV9vetRD5IISXYj824rTA
Request Chain 789
  • https://onetag-sys.com/bridge/e,4 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=
Request Chain 790
  • https://bh.contextweb.com/bh/rtset?pid=560687&ev=1&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D390200%26nid%3D5120%26put%3D%25%25VGUID%25%25 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=IPyTDkBOtOAc&ev=1&pid=560687
Request Chain 791
  • https://x.bidswitch.net/sync?ssp=between HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=f4c21355-b1f4-46d1-a732-a503bb51c5a8&ssp=between&gdpr=&gdpr_consent=
Request Chain 792
  • https://sync.bumlam.com/?src=aid0 HTTP 302
  • https://x01.aidata.io/0.gif?pid=ADSNIPER&id=2f81bfea-4f53-11ec-a6e9-002590c82437 HTTP 302
  • https://x01.aidata.io/0.gif?pid=ADSNIPER&id=2f81bfea-4f53-11ec-a6e9-002590c82437&bounce=1 HTTP 302
  • https://sync.bumlam.com/?src=aid1&uid=247Sc35FrB85tdO4Hmtztw& HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_cm&extra1=247Sc35FrB85tdO4Hmtztw&extra2=aidata HTTP 302
  • https://sync3.sniperlog.ru/?src=ggl&extra1=247Sc35FrB85tdO4Hmtztw&extra2=aidata&google_gid=CAESEC0c4bqhHNnDJEDX2qKhNJY&google_cver=1
Request Chain 794
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=btwnex&endpoint=eu HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Request Chain 800
  • https://www.tns-counter.ru/V13a****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/130266 HTTP 302
  • https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/130266
Request Chain 802
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=2e5b54d5-4f53-11ec-b930-65692a6201a5&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Request Chain 803
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5&expires=60 HTTP 302
  • https://matching.kubient.net/match/bidswitch?id=f4c21355-b1f4-46d1-a732-a503bb51c5a8&gdpr=&consent=&usp= HTTP 302
  • https://matching.kubient.net/match/bidswitch?id=f4c21355-b1f4-46d1-a732-a503bb51c5a8&gdpr=&consent=&usp=&chk=1 HTTP 302
  • https://ssc-cms.33across.com/ps/?ri=0010b000018ldWcAAI&ru=https%3A%2F%2Fmatching.kubient.net%2Fmatch%2F33across%3Fid%3D33XUSERID33X%26fp%3D1860323048
Request Chain 806
  • https://ads.betweendigital.com/match?bidder_id=43554&callback_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbetweendigitalis%2Fd8cb61f2-0ff0-514b-9adc-74b8fb7da9e5 HTTP 302
  • https://an.yandex.ru/mapuid/betweendigitalis/d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5

800 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
buhgalter911.com/
Redirect Chain
  • http://buhgalter911.com/
  • https://buhgalter911.com/
154 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
b6c8ebf693b3cd4bc48c9705c81655f42abdfd8523232ed12212c5f0fe1a2dc5
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:16 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=15768000
x-xss-protection
1; mode=block
cache-control
max-age=0
expires
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
content-encoding
gzip

Redirect headers

Server
nginx
Date
Sat, 27 Nov 2021 07:25:16 GMT
Content-Type
text/html
Content-Length
162
Connection
keep-alive
Location
https://buhgalter911.com/
fa-brands-400.woff2
buhgalter911.com/webfonts/ 		77 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/webfonts/fa-brands-400.woff2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Thu, 04 Mar 2021 08:37:14 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
font/woff2
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
78460
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
fa-regular-400.woff2
buhgalter911.com/webfonts/ 		13 KB
14 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/webfonts/fa-regular-400.woff2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
ce20ed8a323117c8a718ff1ddc6dabb997373b575a8e896f2bf02b846c082c9d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Thu, 04 Mar 2021 08:37:14 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
font/woff2
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
13548
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
fa-solid-900.woff2
buhgalter911.com/webfonts/ 		78 KB
79 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/webfonts/fa-solid-900.woff2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Thu, 04 Mar 2021 08:37:14 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
font/woff2
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
80300
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
common_styles.css
buhgalter911.com/compress/ 		158 KB
35 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/compress/common_styles.css?v=1636629552
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
0c69092108eb6839e8c16492ef8830a16f8cbb9aee9331ce04717bf4cbe3df73
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Nov 2021 11:19:12 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600, public, no-transform
strict-transport-security
max-age=15768000
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
index_index.css
buhgalter911.com/compress/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/compress/index_index.css?v=1636629557
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
8530b24bfffd2465363960c1d97678d88d38da0614b574bda4f9dc84f5a647ad
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Nov 2021 11:19:17 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600, public, no-transform
strict-transport-security
max-age=15768000
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
client.js
cdn.gravitec.net/storage/bb0015a59e2f56e2ec6479075a6ca03c/ 		64 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.gravitec.net/storage/bb0015a59e2f56e2ec6479075a6ca03c/client.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
0ddf7f63c2c4de8623b8f34646ea08078cd54452d0a85ed216976438978cfa24

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
last-modified
Wed, 28 Apr 2021 09:55:44 GMT
server
nginx
etag
W/"60893120-100fb"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 28 Apr 2021 10:06:20 GMT
cache-control
max-age=10
x-proxy-cache
REVALIDATED
logo.png
buhgalter911.com/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/logo.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
2dbf4667b656a2c447dce776af92f817c4e8e42a9ff19bd09e642babbd70db5f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Wed, 31 Aug 2016 14:49:53 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
2099
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
logo_mobile.png
buhgalter911.com/public/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/public/img/logo_mobile.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
423b902b33f957b431826ef6688c54edbb9df750d79cc5ec707e051ac33bb12c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Thu, 21 Jan 2021 07:18:04 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
1497
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
platform.js
apis.google.com/js/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c42287535028a9cafdb2de2be1ae978094910b28257d145a6a104a9f4ed51879
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-S9gY6s7SdP0x6RcXK3OjTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"b74152e6668bf0f4f0509c904154fdc5"
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-S9gY6s7SdP0x6RcXK3OjTA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires
Sat, 27 Nov 2021 07:25:16 GMT
subscribe_form.js
buhgalter911.com/public/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/public/js/subscribe_form.js?v=1608212746
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
95e74883ec27e561682ec4737f6deb2f1a27f4134bd6c4d75c83cb69ae8ae486
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 17 Dec 2020 13:45:46 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600, public, no-transform
strict-transport-security
max-age=15768000
accept-ranges
bytes
content-length
883
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
270x203_hqdefault.jpg
buhgalter911.com/img/minified/i.ytimg.com/vi/ypGlV3xpS7Q/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/minified/i.ytimg.com/vi/ypGlV3xpS7Q/270x203_hqdefault.jpg
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
68e770568cc4c56ab4d321899ce5af7735e9e6f986ac70c635235260b0fcc74b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Nov 2021 13:50:58 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/jpeg
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
15194
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
ushakova_new_photo.jpg
buhgalter911.com/public/uploads/experts/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/public/uploads/experts/ushakova_new_photo.jpg
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
e1aad8e6bb6ce507ef6de7c00db410c048f3aac3e5f373a69614aec38cfa3f4d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Fri, 27 Aug 2021 10:43:04 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/jpeg
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
20966
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
blogs_sidebar.png
buhgalter911.com/img/blogs/ 		397 B
671 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/blogs/blogs_sidebar.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
836c18f92e8a0cee4ce80d8848bd280d449b861253ee09c0bda31d68c69111f7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Fri, 18 Sep 2020 11:30:07 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
397
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
p7jdym73.js
l.getsitecontrol.com/ 		504 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://l.getsitecontrol.com/p7jdym73.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
3537ac4e95ffb9e58a23d37e408b3d5bfe1d9183351b39a56481b8573fea7e0b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
cdn-edgestorageid
756
x-amz-request-id
4E46HZJTGPR4RJFY
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
10/28/2021 15:02:08
cdn-pullzone
89704
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
jL7/WId6NdEVIM94/x/gKVFSUHWOZ2ydSBP3324ACdrxuEEeuvnF95tTrC7LkS+8zh12/yxR/hU=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Mon, 30 Aug 2021 13:16:56 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript; charset=utf-8
cdn-cache
HIT
cdn-uid
e3a1246b-2fdd-4153-9207-6ca707c9379d
cache-control
public, max-age=2592000
cdn-requestid
d82e6021b3712e8a769bbcf0827b655d
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
common_scripts.js
buhgalter911.com/compress/ 		420 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/compress/common_scripts.js?v=1636629553
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
3fd5af5f3872e2e887b50e4422e2f3684ef235ccb9a9179f1cee410e79d42365
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Nov 2021 11:19:13 GMT
server
nginx
date
Sat, 27 Nov 2021 07:25:16 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600, public, no-transform
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
index_index.js
buhgalter911.com/compress/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/compress/index_index.js?v=1636629557
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
b7446ee9d7985c2dc01fceb62f0da7baddb3ee757bf00759905da6a5e8ad34a4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Nov 2021 11:19:17 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=1209600, public, no-transform
strict-transport-security
max-age=15768000
accept-ranges
bytes
content-length
1749
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
chat-frame.png
buhgalter911.com/img/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/chat-frame.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
fb2f38b0a52b0a78fc5c5e1e8d2dc0c5614a012165df6ebd3063b54b2a3100a1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Nov 2019 14:14:12 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
6407
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
privat.png
buhgalter911.com/img/resouce_icons/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/resouce_icons/privat.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
19a7459e532174819bd05bb3908d2d31781f99b639183771debe416c77cf9795
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Wed, 08 Sep 2021 07:58:26 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
2713
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
visa-logo-min.png
buhgalter911.com/img/resouce_icons/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/resouce_icons/visa-logo-min.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
0bc2f6c55d7b4c44594f292ef4424cbcf33f58df0fe0b265b0e925d2432b93c0
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Wed, 08 Sep 2021 07:58:26 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
1470
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
copy-print.css
buhgalter911.com/public/css/ 		2 KB
987 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://buhgalter911.com/public/css/copy-print.css?29092021_4
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
1acbb87b247d2b4b2713957697463365e122b0b528034f8638f4acad382efec8
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Mar 2021 08:37:14 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=1209600, public, no-transform
strict-transport-security
max-age=15768000
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
cut_copy_error.png
buhgalter911.com/public/img/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/public/img/cut_copy_error.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
5654d7b838075832d71b8b0a805ac7f47c157a4504bf73443cc92aa383480b30
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Thu, 18 Jul 2019 10:08:45 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
1169
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1449
date
Sat, 27 Nov 2021 07:01:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sat, 27 Nov 2021 09:01:07 GMT
gtm.js
www.googletagmanager.com/ 		167 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WRNTR8
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b60eb2482580045901dc6e1a6b08389119a4db9c5e233b30c83e497c0ee7c809
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55886
x-xss-protection
0
last-modified
Sat, 27 Nov 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 27 Nov 2021 07:25:16 GMT
wrapper_hb_299506_4723.js
player.adtelligent.com/prebidlink/454999/ 		1 KB
856 B 		Script
General
Check archive.org
Download Go to
Full URL
https://player.adtelligent.com/prebidlink/454999/wrapper_hb_299506_4723.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
6cc0eb2c4daa4f0ca21c02b0a6529de5279daaa7c6b49706e7bd560a295ed645

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
last-modified
Fri, 26 Nov 2021 20:22:02 GMT
server
nginx
etag
W/"61a141ea-41e"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 27 Nov 2021 08:25:16 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
resource_icons_v7.png
buhgalter911.com/img/resouce_icons/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/resouce_icons/resource_icons_v7.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
c5a7e1a01e97fddf0d6fea76f7a895d53516d76728a4615816a71afa8141d8df
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Thu, 17 Jun 2021 10:07:53 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
3905
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
ic_youtube.svg
buhgalter911.com/img/ 		898 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/ic_youtube.svg
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
801e3bfaa35cc81cbb10567b2520e7889cfa05add40afb5815d821462423006d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Thu, 28 May 2020 14:09:49 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/svg+xml
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
898
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
resource_icons.png
buhgalter911.com/img/resouce_icons/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/resouce_icons/resource_icons.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
522589bfd743beeec03b9a97b547e046559a13d66cf29674e661a8aadecf9d27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Tue, 18 Dec 2018 12:44:50 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
4768
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
offers_img_origin-min.png
buhgalter911.com/img/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/offers_img_origin-min.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
1e96e64228c84e0507b7ed9cffc20fd62f6faefd0a1fbf517cd225b88aef9f75
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Tue, 29 Jun 2021 12:42:57 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
3656
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
menu-blogs-min.png
buhgalter911.com/img/blogs/ 		296 B
570 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/blogs/menu-blogs-min.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
b4c4e2f3ca3eb4b6a814856d3ce31459a48549c76a61264ee3183fc2c4b0c565
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Wed, 02 Sep 2020 13:54:43 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
296
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
hbw_master_299506_4723.js
player.adtelligent.com/prebidlink/454999/ 		159 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.adtelligent.com/prebidlink/454999/hbw_master_299506_4723.js
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/454999/wrapper_hb_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
e6ae2ee7b544a949385f531826a24db1315a328eb451377b467dc5058a547f49

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
last-modified
Fri, 26 Nov 2021 20:22:02 GMT
server
nginx
etag
W/"61a141ea-27afa"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 27 Nov 2021 08:25:16 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		77 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
c25a4ea2cd2003381fd6a9118f631d3be90f549b63598e8bbc523ef0747731f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1056 / 914 of 1000 / last-modified: 1637708722"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26863
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 07:25:16 GMT
configs
cdn.gravitec.net/sdk/web/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.gravitec.net/sdk/web/configs?appKey=bb0015a59e2f56e2ec6479075a6ca03c
Requested by
Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/bb0015a59e2f56e2ec6479075a6ca03c/client.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
a18ac760badf65c852e1d545b4f43e921458da84d6bbe4e2075d6a44ae2991ae

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-correlation-id
d7c56c868c3ebc88e2a37952f04d46d3
server
nginx/1.20.2
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
content-encoding
gzip
x-proxy-cache
EXPIRED
js
www.google-analytics.com/gtm/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-K9FQND4&cid=863088088.1637997917
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1206f9be78a66c0fc232a956ad5e637856124840b2f9c1ee77a611bd43d08d91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34926
x-xss-protection
0
last-modified
Sat, 27 Nov 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 27 Nov 2021 07:25:16 GMT
hb_299506_4723.js
player.adtelligent.com/prebidlink/ex18958/ 		390 KB
119 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/454999/hbw_master_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
f66ed0540b430733e1f0a991a6979222dc3bc96c54bff5c5725a176472e17f74

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
last-modified
Thu, 25 Nov 2021 16:16:54 GMT
server
nginx
etag
W/"619fb6f6-61624"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 27 Nov 2021 08:25:16 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
/
ghb.adtelligent.com/geo/ 		130 B
382 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ghb.adtelligent.com/geo/
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/454999/hbw_master_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
f344734e2570f6842c8e8ed89171e9bd4fb6c1be43c041e320127b1a9ab16666

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://buhgalter911.com
Date
Sat, 27 Nov 2021 07:25:15 GMT
Access-Control-Allow-Credentials
true
Server
VertaMedia 1.0
Connection
Keep-Alive
Content-Length
130
Content-Type
application/json
tracking
ghb.adtelligent.com/adunit/ 		43 B
418 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ghb.adtelligent.com/adunit/tracking?event=11&type=0&client_id=299506&site_id=4723&full_page_url=https%3A%2F%2Fbuhgalter911.com%2F&adid=hho1a2.9l&vpbv=N024&lifecycle_tte=559
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/454999/hbw_master_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://buhgalter911.com
Date
Sat, 27 Nov 2021 07:25:15 GMT
Access-Control-Allow-Credentials
true
Server
VertaMedia 1.0
Connection
Keep-Alive
Content-Length
43
Content-Type
image/gif
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/ 		123 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
de801d89e6f71bf92faa287b9d67520105e6188e703bf3d060223ec2072a95ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:49:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
232525
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43581
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Nov 2022 14:49:51 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/ 		119 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_1
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
29af0c8109de86bcf0f69ab6f293c71bff84e52c48bdc4193e2e9583f291f726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:49:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
232525
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41540
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Nov 2022 14:49:51 GMT
subscribe_embed
www.youtube.com/ Frame A4EE 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
09fd24da84042364b383ca3b85080710d57aa04250a573c3b1d740fba47d4f5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 27 Nov 2021 07:25:16 GMT
strict-transport-security
max-age=31536000
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
report-to
{"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=nl for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sub_line_border-min.png
buhgalter911.com/public/img/ 		318 B
592 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/public/img/sub_line_border-min.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
216bea75f6510445e4d66f1f773f38bd3985c4423a41b1452fd4c82b3d602443
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Tue, 13 Aug 2019 12:39:38 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
318
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
sub_envelope.png
buhgalter911.com/public/img/ 		500 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/public/img/sub_envelope.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
58a333a059b984e23c25d19292b7e65b407170c21c1ce73ad6dd63bde9d44098
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Tue, 13 Aug 2019 12:39:38 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
500
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
js
www.googletagmanager.com/gtag/ 		163 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-P1T6QELT3W&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WRNTR8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1671f519e694d8f0e0e4630ac7e501bde60dde5c1083c664dd767d7b776b5ea9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61736
x-xss-protection
0
expires
Sat, 27 Nov 2021 07:25:16 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		37 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WRNTR8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14378
x-xss-protection
0
server
cafe
etag
684346926396516684
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 27 Nov 2021 07:25:16 GMT
fbevents.js
connect.facebook.net/en_US/ 		98 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
9+EjbufsVDPvbE5Mjiq1nTLGvVtxs1FZ2jDoPsvY3WEUdkdo1Z4dukhz5V55LV8RiI4Ndkz9EQZz9TUtkHUiyQ==
x-fb-trip-id
686109401
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 27 Nov 2021 07:25:16 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
tag.js
cdn.jsdelivr.net/npm/yandex-metrica-watch/ 		190 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30f094b609ebf2611fc4c77649b862e9a2b8bed3fe142c0e9989ae20638abe79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
38241
x-jsd-version
1.211.0
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19168-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"2f907-wCth4CMXCop5q06UHQASPYs0n5k"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
6b499f236f566967-FRA
/
load.sumo.com/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
9TB0ZWMS5XW9RFDZ
cdn-cachedat
10/20/2021 17:30:27
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
qCvRVgs8ZItWbARVg2xSZF2S/c/PCVLYuwN5eXW2/MOyZd5AVkpZE11FZUE2srRIVkWk6GDbp8M=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 20 Oct 2021 15:30:25 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=600
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
341574d67f4b28840ca62f9f92c4ca68
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
csyncs
ghb.adtelligent.com/ 		730 B
641 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ghb.adtelligent.com/csyncs?aid1=455140&aid2=455141&aid3=605039&aid4=607661&aid5=undefined
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/454999/hbw_master_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
aabcfe5e5bac6d066f9361652e5541a5fd3cb8fc08948bb6b6f50110fcfb4160

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:15 GMT
Content-Encoding
gzip
Server
VertaMedia 1.0
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://buhgalter911.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Length
350
icon_sprite.png
buhgalter911.com/img/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/icon_sprite.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
86bfaa94c6c352c3ac008e5225016de1216112134a61454f93559a98e6b01b3b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Wed, 20 Mar 2019 15:48:32 GMT
server
nginx
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=1209600, public, no-transform
accept-ranges
bytes
content-length
3390
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
add
analytics.factor.ua/analytics/ 		0
242 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://analytics.factor.ua/analytics/add
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_scripts.js?v=1636629553
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.170.82.90 Eindhoven, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
95-170-82-90.colo.transip.net
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Access-Control-Allow-Origin
https://buhgalter911.com
Date
Sat, 27 Nov 2021 07:25:16 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
0
Content-Type
text/html; charset=UTF-8
mastercard.svg
buhgalter911.com/img/resouce_icons/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buhgalter911.com/img/resouce_icons/mastercard.svg
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/compress/common_styles.css?v=1636629552
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.97.204.145 Zaandam, Netherlands, ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL),
Reverse DNS
37-97-204-145.colo.transip.net
Software
nginx /
Resource Hash
90b2c189be5f0290cd8d7003c28c08de7df1eb1d6240b24f699fc75a4132b70e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/compress/common_styles.css?v=1636629552
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 08 Sep 2021 07:58:26 GMT
server
nginx
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=1209600, public, no-transform
strict-transport-security
max-age=15768000
x-xss-protection
1; mode=block
expires
Sat, 11 Dec 2021 07:25:16 GMT
p7jdym73.json
l.getsitecontrol.com/ 		32 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.getsitecontrol.com/p7jdym73.json
Requested by
Host: l.getsitecontrol.com
URL: https://l.getsitecontrol.com/p7jdym73.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
3e85521778b582dec0c9da83061a923f870be46e626fcd2c593ce4f404a948b6

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
br
vary
Accept-Encoding
cdn-edgestorageid
756
x-amz-request-id
MESTPJ59NW6Q65ZG
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
11/23/2021 20:56:12
cdn-pullzone
89704
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
MK1n8G1xDn0IdiNVfTY6lZ9KzYPyNb28AJoF3eXSuIUa+lm5bB8ImcFkY1uB1aoIKRISnuENmaE=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Mon, 30 Aug 2021 13:16:56 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
cdn-cache
REVALIDATED
cdn-uid
e3a1246b-2fdd-4153-9207-6ca707c9379d
cache-control
public, max-age=5
cdn-requestid
7a01b02b9db4297147081fc4e4e1a637
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
z
s.zmctrack.net/ Frame 4EC3 		49 KB
23 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.zmctrack.net/z
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.187.81.41 Kyiv, Ukraine, ASN43332 (IDSTRATEGY-AS, UA),
Reverse DNS
Software
openresty /
Resource Hash
bb0accbe8d19208581ad68ffd1a5d9dcd241a4fd1c2a76734726a5dc8c2fc2ce

Request headers

Referer
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
server
openresty
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
X-Location, X-Meta-Status, X-Set-Cookie, X-Cookie, X-Check
cache-control
no-cache, no-store
access-control-allow-headers
X-Request-Data, X-Headers, X-Url, Accept-Encoding, Accept-Language, Content-Language, Accept, Content-Type, Cookie, Origin, User-Agent
content-length
23271
expires
Thu, 01 Jan 1970 00:00:01 GMT
subscribe_embed
www.youtube.com/ Frame EA0A 		2 KB
871 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cd6d5a8d72594d19131d97fe5c8f12103580eed48b5407a8417bb90fd973d1d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 27 Nov 2021 07:25:16 GMT
strict-transport-security
max-age=31536000
report-to
{"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=nl for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
stats.g.doubleclick.net/j/ 		4 B
442 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-47379603-1&cid=863088088.1637997917&jid=1675788594&gjid=389657418&_gid=1344761388.1637997917&_u=aGBAiEADRAAAAE~&z=1792138043
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 27 Nov 2021 07:25:16 GMT
content-type
text/plain
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1251657043&t=pageview&_s=1&dl=https%3A%2F%2Fbuhgalter911.com%2F&ul=en-us&de=UTF-8&dt=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEADRAAAAG~&jid=492044583&gjid=507284233&cid=863088088.1637997917&tid=UA-47379603-1&_gid=1344761388.1637997917&_r=1&gtm=2wgba1WRNTR8&z=1405559937
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1251657043&t=pageview&_s=1&dl=https%3A%2F%2Fbuhgalter911.com%2F&ul=en-us&de=UTF-8&dt=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDACEADRAAAAG~&jid=423077203&gjid=163316591&cid=863088088.1637997917&tid=UA-53572572-5&_gid=1344761388.1637997917&_r=1&gtm=2wgba1WRNTR8&z=1708831098
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1251657043&t=pageview&_s=1&dl=https%3A%2F%2Fbuhgalter911.com%2F&ul=en-us&de=UTF-8&dt=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiEADR~&jid=1675788594&gjid=389657418&cid=863088088.1637997917&tid=UA-47379603-1&_gid=1344761388.1637997917&cd3=%D0%BD%D0%B5%D1%82&z=1393910765
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 03:26:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14347
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/ 		344 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 07:25:16 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		122 B
124 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=buhgalter911.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
c45cda3c584727700f9863171b42e0eebec131b3ed2e25111d191d693c5f49d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
99
x-xss-protection
0
expires
Sat, 27 Nov 2021 07:25:16 GMT
postmessageRelay
accounts.google.com/o/oauth2/ Frame 1C36 		565 B
858 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fbuhgalter911.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=auth/exm=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
148e8df0a73dcd1a435812e122b3d309ffad13f5af041cdc1d58a4c817afd559
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wAiyZMUlOvJZpSk/SqXw/w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 27 Nov 2021 07:25:16 GMT
content-security-policy
script-src 'report-sample' 'nonce-wAiyZMUlOvJZpSk/SqXw/w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
csync
sync.adtelligent.com/ Frame ACBD
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D319130%26extuid%3D%7Bdevice_id%7D
  • https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=a33c07a5-2bc4-4040-82d7-a80596d12e56
0
0
csync
sync.adtelligent.com/ 		0
0
match
dm.hybrid.ai/ 		0
238 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dm.hybrid.ai/match?id=186&burl=https%3A%2F%2Fsync.adtelligent.com%2Fcsync%3Ft%3Da%26ep%3D324902%26extuid%3D%24%7BVID%7D
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.18.16.21 , Russian Federation, ASN205675 (HYBRID-AS, RU),
Reverse DNS
Software
Hybrid Web Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:16 GMT
server
Hybrid Web Server
p3p
CP="NOI DSP COR CUR ADMa DEVo TAIo PSAo PSDo IVAo IVDo OUR IND COM NAV INT STA OTC"
access-control-allow-origin
*
cache-control
no-cache, no-store
x-mode
116
x-xss-protection
1; mode=block
expires
-1
www-subscribe-embed_split_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame A4EE 		38 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 23:30:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
287707
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6066
x-xss-protection
0
last-modified
Wed, 18 Nov 2020 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 23 Nov 2022 23:30:09 GMT
www-subscribe-embed_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame A4EE 		252 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 10:57:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332850
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
73785
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 23 Nov 2022 10:57:46 GMT
1495025544106981
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1495025544106981?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
39afd42fa1dfeee3294802d18639616dd2391c3b72f846e6fe560066e188c92c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
88827
x-xss-protection
0
pragma
public
x-fb-debug
0+HSVX/lKAEMaB0W4820YWzxag9gamFV3HK742wJ9XgJ10mBwqF/hFEiOeSdEfDpOt37KFYViJ9aIdURC1RIQA==
x-frame-options
DENY
date
Sat, 27 Nov 2021 07:25:16 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
analytics.google.com/g/ 		0
347 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-P1T6QELT3W&gtm=2oeba1&_p=1251657043&sr=1600x1200&_gaz=1&ul=en-us&cid=863088088.1637997917&_s=1&dl=https%3A%2F%2Fbuhgalter911.com%2F&dt=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&sid=1637997916&sct=1&seg=0&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P1T6QELT3W&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:16 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-P1T6QELT3W&cid=863088088.1637997917&gtm=2oeba1&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-P1T6QELT3W&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:16 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.nl/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.nl/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-P1T6QELT3W&cid=863088088.1637997917&gtm=2oeba1&aip=1&z=769478994
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
72.0a035390359aab65eb82.js
load.sumo.com/ 		131 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
1ZQEWHAMVKQ7GYB9
cdn-cachedat
08/11/2021 08:27:12
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
kmFKyXlcNfWRvLk73k8+XQ19wYCytEHCTISpCux9qKXgMmTWTauGgYuQX+XFo3SzIUCSissBAiY=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:49 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
6739e58bea6ff603cc8ed7772139013f
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
73.0a035390359aab65eb82.js
load.sumo.com/ 		289 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
TBY01K4HP9CGD4T8
cdn-cachedat
08/11/2021 06:56:09
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
zxdeegSWyj0r5KeMe1/TVBrRHqZLd4efcDcAMD1YkADnK6T70g4ma5XkPClgzRKwYXb8pz26pBk=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:50 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
725aae256c68060a4af774bda03eaeac
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/977649145/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/977649145/?random=1637997916884&cv=9&fst=1637997916884&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fbuhgalter911.com%2F&tiba=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1e1effe54127d395d46cfa64a72576abe773b4ef1678a7cc2e62319d313230e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1066
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-47379603-1&cid=863088088.1637997917&jid=1675788594&_u=aGBAiEADRAAAAE~&z=1314628967
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.nl/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-47379603-1&cid=863088088.1637997917&jid=1675788594&_u=aGBAiEADRAAAAE~&z=1314628967
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-47379603-1&cid=863088088.1637997917&jid=492044583&gjid=507284233&_gid=1344761388.1637997917&_u=aGDACEADRAAAAG~&z=397184297
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 27 Nov 2021 07:25:16 GMT
content-type
text/plain
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
25 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-53572572-5&cid=863088088.1637997917&jid=423077203&gjid=163316591&_gid=1344761388.1637997917&_u=aGDACEADRAAAAG~&z=1792989684
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 27 Nov 2021 07:25:16 GMT
content-type
text/plain
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
id.gravitec.net/ Frame 1AB9 		621 B
616 B 		Document
General
Check archive.org
Download Go to
Full URL
https://id.gravitec.net/
Requested by
Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/bb0015a59e2f56e2ec6479075a6ca03c/client.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::4 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
9d1cb86ec27e86dfdefab39206fb510070d00b81d91f11ddc6720e3c62629d32

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

date
Sat, 27 Nov 2021 07:25:16 GMT
content-type
text/html; charset=utf-8
last-modified
Mon, 13 Apr 2020 15:31:02 GMT
etag
W/"5e9485b6-26d"
access-control-allow-origin
*
x-accel-expires
@1904239264
server
CDN77-Turbo
x-77-nzt
AcO1rzXdWFT/vH3tAg==
x-77-nzt-ray
Iefl8dcdnqY=
x-cache
HIT
x-age
49118652
x-77-pop
frankfurtDE
x-77-cache
HIT
content-encoding
br
1
mc.yandex.ru/watch/3/
Redirect Chain
  • https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3A...
  • https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3...
167 B
249 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A2%3Adp%3A0%3Als%3A487371354690%3Ahid%3A68511116%3Az%3A0%3Ai%3A20211127072516%3Aet%3A1637997917%3Ac%3A1%3Arn%3A935701626%3Arqn%3A1%3Au%3A163799791715291278%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1637997915984%3Ads%3A0%2C31%2C314%2C13%2C36%2C0%2C%2C384%2C10%2C%2C%2C%2C767%3Adsn%3A0%2C30%2C314%2C13%2C36%2C0%2C%2C373%2C10%2C%2C%2C%2C767%3Awv%3A2%3Aco%3A0%3Ast%3A1637997917&t=gdpr%2814%29ti%282%29
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
8d1dca9984dbb40c609ca9aaaa4484db777b69956e1259dbbe4d905238f4fcc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
last-modified
Sat, 27-Nov-2021 07:25:17 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
167
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:17 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
last-modified
Sat, 27-Nov-2021 07:25:17 GMT
location
/watch/3/1?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A2%3Adp%3A0%3Als%3A487371354690%3Ahid%3A68511116%3Az%3A0%3Ai%3A20211127072516%3Aet%3A1637997917%3Ac%3A1%3Arn%3A935701626%3Arqn%3A1%3Au%3A163799791715291278%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1637997915984%3Ads%3A0%2C31%2C314%2C13%2C36%2C0%2C%2C384%2C10%2C%2C%2C%2C767%3Adsn%3A0%2C30%2C314%2C13%2C36%2C0%2C%2C373%2C10%2C%2C%2C%2C767%3Awv%3A2%3Aco%3A0%3Ast%3A1637997917&t=gdpr%2814%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:17 GMT
1
mc.yandex.ru/watch/23783032/
Redirect Chain
  • https://mc.yandex.ru/watch/23783032?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%...
  • https://mc.yandex.ru/watch/23783032/1?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Al...
331 B
366 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/watch/23783032/1?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A1%3Adp%3A0%3Als%3A1264831617969%3Ahid%3A68511116%3Az%3A0%3Ai%3A20211127072516%3Aet%3A1637997917%3Ac%3A1%3Arn%3A40472431%3Arqn%3A1%3Au%3A163799791715291278%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1637997915984%3Ads%3A0%2C31%2C314%2C13%2C36%2C0%2C%2C384%2C10%2C%2C%2C%2C767%3Adsn%3A0%2C30%2C314%2C13%2C36%2C0%2C%2C373%2C10%2C%2C%2C%2C767%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1637997917%3At%3A%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&t=gdpr%2814%29ti%282%29
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
fb59bbde032685272ff5e92e69d0b6104c02bf3cd8165437050e54782cd67af5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
last-modified
Sat, 27-Nov-2021 07:25:17 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
331
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:17 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
last-modified
Sat, 27-Nov-2021 07:25:17 GMT
location
/watch/23783032/1?wmode=7&page-url=https%3A%2F%2Fbuhgalter911.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A4bjmbg7omqwgt7numv%3Afp%3A479%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A700%3Acn%3A1%3Adp%3A0%3Als%3A1264831617969%3Ahid%3A68511116%3Az%3A0%3Ai%3A20211127072516%3Aet%3A1637997917%3Ac%3A1%3Arn%3A40472431%3Arqn%3A1%3Au%3A163799791715291278%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1637997915984%3Ads%3A0%2C31%2C314%2C13%2C36%2C0%2C%2C384%2C10%2C%2C%2C%2C767%3Adsn%3A0%2C30%2C314%2C13%2C36%2C0%2C%2C373%2C10%2C%2C%2C%2C767%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1637997917%3At%3A%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&t=gdpr%2814%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:17 GMT
www-subscribe-embed_split_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame EA0A 		38 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 23:30:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
287707
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6066
x-xss-protection
0
last-modified
Wed, 18 Nov 2020 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 23 Nov 2022 23:30:09 GMT
www-subscribe-embed_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame EA0A 		252 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/subscribe_embed?usegapi=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&layout=default&count=default&origin=https%3A%2F%2Fbuhgalter911.com&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 10:57:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
332850
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
73785
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 23 Nov 2022 10:57:46 GMT
runtime.f6004e3.js
s2.getsitecontrol.com/widgets/es6/ 		167 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s2.getsitecontrol.com/widgets/es6/runtime.f6004e3.js
Requested by
Host: l.getsitecontrol.com
URL: https://l.getsitecontrol.com/p7jdym73.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
be9b99d1d6893e64a41cbbb8507e84c60c1511a8768c7353baf65386af03aa1e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
QTFQDMRFWVC9RRTN
cdn-cachedat
08/25/2021 17:37:22
cdn-pullzone
83560
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
Dpd45UkGfv/9OaAjJUNCZnyzSCeVJBcK96u0e6IimaoIp0X5pfeY1flFdQbkDZ7GNgentSdG09c=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 25 Aug 2021 15:26:58 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript; charset=utf-8
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=22809600
cdn-uid
e3a1246b-2fdd-4153-9207-6ca707c9379d
cdn-requestid
ec7b2c8e410d2fdd79415e82d7d61934
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
subscribe_button_branded_lozenge.png
www.youtube.com/s/subscriptions/subscribe_embed/img/ Frame A4EE 		156 B
179 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/img/subscribe_button_branded_lozenge.png
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed_split_v0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 11:08:00 GMT
x-content-type-options
nosniff
last-modified
Fri, 18 Sep 2020 20:15:00 GMT
server
sffe
age
332237
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
156
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 23 Nov 2022 11:08:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-47379603-1&cid=863088088.1637997917&jid=492044583&_u=aGDACEADRAAAAG~&z=655358557
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.nl/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-47379603-1&cid=863088088.1637997917&jid=492044583&_u=aGDACEADRAAAAG~&z=655358557
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-53572572-5&cid=863088088.1637997917&jid=423077203&_u=aGDACEADRAAAAG~&z=305195234
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.nl/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-53572572-5&cid=863088088.1637997917&jid=423077203&_u=aGDACEADRAAAAG~&z=305195234
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/ Frame A4EE 		125 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:31:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
233650
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41862
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Nov 2022 14:31:07 GMT
advert.gif
mc.yandex.ru/metrika/ 		43 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.yandex.ru/metrika/advert.gif?t=ti(4)
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
last-modified
Fri, 26 Nov 2021 15:51:55 GMT
etag
"61a0d86b-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Sat, 27 Nov 2021 08:25:17 GMT
config.json
player.adtelligent.com/exchange_rates/299481/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://player.adtelligent.com/exchange_rates/299481/config.json?cb=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
96e5f285f659ab635e1534c6c2ffad42409cfc077b38dff06ea0550d97f01859

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
gzip
last-modified
Sat, 27 Nov 2021 00:02:11 GMT
server
nginx
etag
W/"61a17583-8ad"
content-type
application/json
access-control-allow-origin
https://buhgalter911.com
expires
Sat, 27 Nov 2021 08:25:17 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
/
loadercdn.net/ 		0
170 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://loadercdn.net/?r=1&u=c5550526db444ad4&d=buhgalter911.com
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.187.81.41 Kyiv, Ukraine, ASN43332 (IDSTRATEGY-AS, UA),
Reverse DNS
Software
openresty /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 27 Nov 2021 07:25:17 GMT
server
openresty
integrator.js
adservice.google.nl/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=buhgalter911.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=buhgalter911.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		439 B
254 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=11634698949906&correlator=3256449884952144&output=ldjh&impl=fifs&eid=31063811%2C31063812%2C21068030%2C31063246&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=141806220%2C911-brand-custom&enc_prev_ius=%2F0%2F1&prev_iu_szs=1920x1080&prev_scp=excl_cat%3DPREPOST&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1637997917&dt=1637997917120&dlt=1637997916367&idt=701&frm=20&biw=1600&bih=1200&oid=2&adxs=-12245933&adys=-12245933&adks=2097279382&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fbuhgalter911.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x3700&msz=1920x-1&ga_vid=863088088.1637997917&ga_sid=1637997917&ga_hid=1251657043&ga_fc=true&fws=640&ohw=0&btvi=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
50562f8389ae7f074335382394cedb267744b2b31fbc87f656af49db4b3642d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
223
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
f6fe6038d3eda9a0336c2816093b1f02.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0806 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://f6fe6038d3eda9a0336c2816093b1f02.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 07:25:17 GMT
expires
Sun, 27 Nov 2022 07:25:17 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
796779910-postmessagerelay.js
ssl.gstatic.com/accounts/o/ Frame 1C36 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/accounts/o/796779910-postmessagerelay.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fbuhgalter911.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
04082cfaa14c7a04a29bf53810bda0de1aa03910090a4aeffb198f4e8bbf70d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 08:28:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
82612
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4295
x-xss-protection
0
last-modified
Mon, 15 Nov 2021 19:09:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 26 Nov 2022 08:28:25 GMT
rpc:shindig_random.js
apis.google.com/js/ Frame 1C36 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/rpc:shindig_random.js?onload=init
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fbuhgalter911.com&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
84348e4690919a9ed56cd0aafd148f99db323fdcd23234d6c4d203fcd004a46f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-qPEPT+PJ2BUVjCQHAe/Rcg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
x-ua-compatible
IE=edge, chrome=1
server
ESF
etag
"49b4b5adc2f2250fe445668712f23f46"
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"}]}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
content-security-policy
script-src 'report-sample' 'nonce-qPEPT+PJ2BUVjCQHAe/Rcg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdcxyaoTJMYdhC5b1IVX_h4UhkFjYl5miMVZgqtCo-gS"
expires
Sat, 27 Nov 2021 07:25:17 GMT
/
www.facebook.com/tr/ 		44 B
406 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1495025544106981&ev=PageView&dl=https%3A%2F%2Fbuhgalter911.com%2F&rl=&if=false&ts=1637997917143&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637997917141.1519329046&it=1637997916864&coo=false&rqm=GET
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Sat, 27 Nov 2021 07:25:17 GMT
/
www.google.com/pagead/1p-user-list/977649145/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/977649145/?random=1637997916884&cv=9&fst=1637996400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&frm=0&url=https%3A%2F%2Fbuhgalter911.com%2F&tiba=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD&async=1&fmt=3&is_vtc=1&random=2294945977&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.nl/pagead/1p-user-list/977649145/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.nl/pagead/1p-user-list/977649145/?random=1637997916884&cv=9&fst=1637996400000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wgba1&sendb=1&frm=0&url=https%3A%2F%2Fbuhgalter911.com%2F&tiba=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD&async=1&fmt=3&is_vtc=1&random=2294945977&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/ Frame EA0A 		125 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:31:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
233650
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41862
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Nov 2022 14:31:07 GMT
openrtb
adx.adform.net/adx/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://buhgalter911.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:17 GMT
content-length
0
cache-control
private
access-control-allow-origin
https://buhgalter911.com
access-control-allow-credentials
true
access-control-allow-methods
GET, POST
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
access-control-max-age
86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security
max-age=31536000; includeSubDomains
bid
ap.lijit.com/rtb/ 		94 B
747 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.20.0
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
d725b82a17705a9c98f167385a2a20ed1fb456cdfbf7b23d778ffafe7c42f3c9

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 07:25:17 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://buhgalter911.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
fastlane.json
fastlane.rubiconproject.com/a/api/ 		264 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=2&alt_size_ids=55%2C221&eid_pubcid.org=6078ca1e-356b-4e95-bceb-b89a8a51d799%5E1&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=7dc28a58-a8fa-4167-9a85-cc0a3c39946d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5116012517525066
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
5a7ede4af727fdf16b794519d0061d4e270ec8f7f1e8da98088d3575c28f3048

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:17 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://buhgalter911.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
264
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=9&alt_size_ids=17%2C221&eid_pubcid.org=6078ca1e-356b-4e95-bceb-b89a8a51d799%5E1&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=8d495b2f-3373-431c-b328-79c35ed7b985&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4363639990321948
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
5b33484ed14360b7eea820b16a1741879295c7a7d6d54b6189d580d002e31099

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:17 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://buhgalter911.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		261 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17184&site_id=163630&zone_id=2126352&size_id=9&alt_size_ids=17%2C221&eid_pubcid.org=6078ca1e-356b-4e95-bceb-b89a8a51d799%5E1&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=9c6d1a8e-58e2-48f8-9cf0-de871967f564&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6894348101695558
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
b9846aac246ff70011014258edcb84deadda4f310ade97b7e45534e28d3cf9bd

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:17 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://buhgalter911.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
/
ghb.adtelligent.com/v2/auction/ 		721 B
497 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ghb.adtelligent.com/v2/auction/
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
011eebef0d7034728d108441cd123924e554680601c9efd3e0e82e7cf0630c2b

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 07:25:16 GMT
Content-Encoding
gzip
Server
VertaMedia 1.0
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://buhgalter911.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Length
206
translator
hbopenbid.pubmatic.com/ 		0
116 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://buhgalter911.com
date
Sat, 27 Nov 2021 07:25:16 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cdb
bidder.criteo.com/ 		18 B
285 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.20.0&cb=39519557117
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://buhgalter911.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
44
prebid
ib.adnxs.com/ut/v3/ 		13 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
fddffdc961f3132503ec9197a60d34b0ffcef8fd71ea975d87497688f0c1c7c1
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 07:25:17 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
80d8f2e1-bcb4-45f5-99ca-d425e92b6053
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://buhgalter911.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
adjson
ads.betweendigital.com/ 		2 B
912 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.betweendigital.com/adjson?t=prebid
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.111.200.117 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
vary
Accept-Encoding
content-type
application/json
bids
prebid-eu.creativecdn.com/bidder/prebid/ 		0
178 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS
ip-185-184-8-65.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://buhgalter911.com
date
Sat, 27 Nov 2021 07:25:17 GMT
access-control-allow-credentials
true
access-control-max-age
3600
vary
Origin
access-control-allow-methods
POST
arj
adtelligent-d.openx.net/w/1.0/ 		72 B
379 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adtelligent-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fbuhgalter911.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=7dc28a58-a8fa-4167-9a85-cc0a3c39946d%2C8d495b2f-3373-431c-b328-79c35ed7b985%2C9c6d1a8e-58e2-48f8-9cf0-de871967f564&nocache=1637997917193&pubcid=6078ca1e-356b-4e95-bceb-b89a8a51d799&schain=1.0%2C1!adtelligent.com%2C299506%2C1%2C%2C%2C&aus=728x90%2C970x90%2C1x1%7C160x600%2C200x400%2C240x400%2C240x600%2C240x500%2C1x1%7C160x600%2C200x400%2C240x400%2C240x500%2C240x600%2C1x1&divids=div-gpt-ad-911-top-banner%2Cdiv-gpt-ad-911-left-banner%2Cdiv-gpt-ad-911-right-banner&aucs=%2C%2C&auid=541177132%2C541177132%2C541177132
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
fe78531abc2bb4f02696ffec6405d8b7701a7b99acfe8a76d722c1f6915a8c44

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
gzip
server
OXGW/16.221.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://buhgalter911.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
78
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
rtb.adxpremium.services/openrtb2/ 		470 B
770 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rtb.adxpremium.services/openrtb2/auction
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
135.125.163.79 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3190286.ip-135-125-163.eu
Software
/
Resource Hash
fb08626e23f36c5e52113df7433a8775a80fcf7b94e59bec2b61e58a8d20ce93

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:18 GMT
vary
Origin
content-type
application/json
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
470
expires
0
/
ghb1.adtelligent.com/v2/auction/ 		6 KB
838 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ghb1.adtelligent.com/v2/auction/
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
954f44c30f6ce0aaa017208d7d5c0b45ff9a47e1c57cd971870fa44188980bfc

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 07:25:16 GMT
Content-Encoding
gzip
Server
VertaMedia 1.0
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://buhgalter911.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Length
547
/
ghb2.adtelligent.com/v2/auction/ 		1 KB
692 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ghb2.adtelligent.com/v2/auction/
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
b63b276b241dadf953d02273d5b5e5115f80e8bbb51b1d4b6857c03ed0e609e0

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 07:25:16 GMT
Content-Encoding
gzip
Server
VertaMedia 1.0
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://buhgalter911.com
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Length
401
ROS
pbjs.e-planning.net/hb/1/2e43c/1/buhgalter911.com/
Redirect Chain
  • https://pbjs.e-planning.net/pbjs/1/2e43c/1/buhgalter911.com/ROS?rnd=0.3092473984396926&e=728x90_0%3A728x90%2C970x90%2C1x1%2B160x600_0%3A160x600%2C1x1%2C200x400%2C240x400%2C240x600%2C240x500%2B160x6...
  • https://pbjs.e-planning.net/hb/1/2e43c/1/buhgalter911.com/ROS?ct=1&r=pbjs&rnd=0.3092473984396926&e=728x90_0%3A728x90%2C970x90%2C1x1%2B160x600_0%3A160x600%2C1x1%2C200x400%2C240x400%2C240x600%2C240x5...
448 B
864 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pbjs.e-planning.net/hb/1/2e43c/1/buhgalter911.com/ROS?ct=1&r=pbjs&rnd=0.3092473984396926&e=728x90_0%3A728x90%2C970x90%2C1x1%2B160x600_0%3A160x600%2C1x1%2C200x400%2C240x400%2C240x600%2C240x500%2B160x600_1%3A160x600%2C1x1%2C200x400%2C240x400%2C240x500%2C240x600&ur=https%3A%2F%2Fbuhgalter911.com%2F&pbv=5.20.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter911.com%2F&e_pubcid=6078ca1e-356b-4e95-bceb-b89a8a51d799
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
2452165beec9e82dfda7a113e9e01a4d389c88c9c64da76663b39cf744b8e80d

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
server
openresty
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin
https://buhgalter911.com
expires
Sat, 27 Nov 2021 07:25:17 GMT
cache-control
max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
448
x-sid
AMS-605

Redirect headers

date
Sat, 27 Nov 2021 07:25:17 GMT
server
openresty
access-control-allow-origin
https://buhgalter911.com
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location
/hb/1/2e43c/1/buhgalter911.com/ROS?ct=1&r=pbjs&rnd=0.3092473984396926&e=728x90_0%3A728x90%2C970x90%2C1x1%2B160x600_0%3A160x600%2C1x1%2C200x400%2C240x400%2C240x600%2C240x500%2B160x600_1%3A160x600%2C1x1%2C200x400%2C240x400%2C240x500%2C240x600&ur=https%3A%2F%2Fbuhgalter911.com%2F&pbv=5.20.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter911.com%2F&e_pubcid=6078ca1e-356b-4e95-bceb-b89a8a51d799
access-control-allow-credentials
true
content-type
text/html; charset=iso-8859-1
x-sid
AMS-605
fastlane.json
fastlane.rubiconproject.com/a/api/ 		259 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48254&zone_id=1767332&size_id=2&alt_size_ids=55%2C221&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=6078ca1e-356b-4e95-bceb-b89a8a51d799%5E1&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=7dc28a58-a8fa-4167-9a85-cc0a3c39946d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.40236929915118447
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
81db3dff02e26ef2b2ecaf02ff3b4254a7368d12c23033eaf359bc08f5a2ae36

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:17 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://buhgalter911.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
259
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		239 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48254&zone_id=1767332&size_id=9&alt_size_ids=17%2C221&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=6078ca1e-356b-4e95-bceb-b89a8a51d799%5E1&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=8d495b2f-3373-431c-b328-79c35ed7b985&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8289835359270852
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
55d55ff23c1391dfc50ac6ef4794574013f8ac77e1196a6baa79b331029d28bd

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:17 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://buhgalter911.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
239
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		239 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12398&site_id=48254&zone_id=1767332&size_id=9&alt_size_ids=17%2C221&rp_schain=1.0,1!luponmedia.com,1994122,1,,,&eid_pubcid.org=6078ca1e-356b-4e95-bceb-b89a8a51d799%5E1&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=9c6d1a8e-58e2-48f8-9cf0-de871967f564&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.4767603619061538
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
5e3c8d2c5989b14b5340f7190b29e71db90fa4a6e771df12b7bd3d03108517bc

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:17 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://buhgalter911.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
239
Expires
Wed, 17 Sep 1975 21:32:10 GMT
openrtb
adx.adform.net/adx/ 		0
408 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/openrtb
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires
-1
cygnus
htlb.casalemedia.com/ 		37 B
330 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=356568&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22856b334913dcf2b%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fbuhgalter911.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A3%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A3%2C%22ren%22%3Afalse%2C%22version%22%3A%225.20.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%228640519864efacb%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22728x90%22%7D%7D%2C%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22970x90%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22887d454160ada5c%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A200%2C%22h%22%3A400%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22200x400%22%7D%7D%2C%7B%22w%22%3A240%2C%22h%22%3A400%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22240x400%22%7D%7D%2C%7B%22w%22%3A240%2C%22h%22%3A500%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22240x500%22%7D%7D%2C%7B%22w%22%3A240%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22240x600%22%7D%7D%5D%7D%7D%2C%7B%22id%22%3A%22927af1474e99e7%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A160%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22160x600%22%7D%7D%2C%7B%22w%22%3A200%2C%22h%22%3A400%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22200x400%22%7D%7D%2C%7B%22w%22%3A240%2C%22h%22%3A400%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22240x400%22%7D%7D%2C%7B%22w%22%3A240%2C%22h%22%3A500%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22240x500%22%7D%7D%2C%7B%22w%22%3A240%2C%22h%22%3A600%2C%22ext%22%3A%7B%22siteID%22%3A%22356568%22%2C%22sid%22%3A%22240x600%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%7D
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-84-150.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
4086ab4839789b04bd5403ce77f1360b73d3bf77a92a81866d589088b5b7d2d0

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:17 GMT
x-ak-initial-geo
CC:[NL], RC:[], CN:[EU], CIP:[109.201.143.63], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://buhgalter911.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
37
x-ak-client-geo
12
expires
Sat, 27 Nov 2021 07:25:17 GMT
events
dash.getsitecontrol.com/api/v1/ 		541 B
789 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://dash.getsitecontrol.com/api/v1/events?sid=178576bc-059c-4a97-972e-9c3cf55235e6&source=&query=
Requested by
Host: s2.getsitecontrol.com
URL: https://s2.getsitecontrol.com/widgets/es6/runtime.f6004e3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.86.134.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-86-134-216.compute-1.amazonaws.com
Software
Getsitecontrol /
Resource Hash
a757a4c92c3e8074624e5ade43713117ecda729453a82c648b34724c540b7483

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
server
Getsitecontrol
access-control-allow-methods
GET,POST
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
private, no-cache
access-control-allow-credentials
false
access-control-allow-headers
Content-Type,X-Requested-With
content-length
541
sync_cookie_image_decide
mc.webvisor.org/
Redirect Chain
  • https://mc.webvisor.org/sync_cookie_image_check?t=ti(4)
  • https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9470.si39KFy5uL0FplTk3ikDLboJPkCacRPgffshn_4mvMe34zFFxF6LCwzyldSFKL3t.H6MJnL131a66FJAzAXs5atjS9dQ%2C
  • https://mc.webvisor.org/sync_cookie_image_decide?token=9470.__6JEIjSPY7w2MJkPWOidLadl_2zMoYpvWZmq-vgFlO_DliRd9-gA6a3lcgh7xcbZEZNbMfoTVTrCpe5o81FW1xZGtyhSJMk9PsvAZp_hKg%2C.QPKXNXNj4z2jdwO2f5DkOzyBun...
43 B
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mc.webvisor.org/sync_cookie_image_decide?token=9470.__6JEIjSPY7w2MJkPWOidLadl_2zMoYpvWZmq-vgFlO_DliRd9-gA6a3lcgh7xcbZEZNbMfoTVTrCpe5o81FW1xZGtyhSJMk9PsvAZp_hKg%2C.QPKXNXNj4z2jdwO2f5DkOzyBuns%2C
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
80.239.201.24 , Sweden, ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE),
Reverse DNS
80-239-201-24.teliacarrier-cust.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
strict-transport-security
max-age=31536000
content-length
43
x-xss-protection
1; mode=block
content-type
image/gif

Redirect headers

location
https://mc.webvisor.org/sync_cookie_image_decide?token=9470.__6JEIjSPY7w2MJkPWOidLadl_2zMoYpvWZmq-vgFlO_DliRd9-gA6a3lcgh7xcbZEZNbMfoTVTrCpe5o81FW1xZGtyhSJMk9PsvAZp_hKg%2C.QPKXNXNj4z2jdwO2f5DkOzyBuns%2C
date
Sat, 27 Nov 2021 07:25:17 GMT
strict-transport-security
max-age=31536000
x-xss-protection
1; mode=block
z
s.zmctrack.net/ Frame E9E4 		102 B
451 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.zmctrack.net/z
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.187.81.41 Kyiv, Ukraine, ASN43332 (IDSTRATEGY-AS, UA),
Reverse DNS
Software
openresty /
Resource Hash
5cf065410c17c499f6f90047d16c8aa30abedee3046803fb336fdcce0118d2f8

Request headers

Referer
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-language
eyJ4LXBvc3QiOiIxIn0=
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
server
openresty
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://buhgalter911.com
access-control-expose-headers
X-Meta-Request-Id, X-Location, X-Meta-Status, X-Check, X-Cookie
access-control-allow-headers
X-Request-Data, X-Headers, X-Url, Accept-Encoding, Accept-Language, Content-Language, Accept, Content-Type, Cookie, Origin, User-Agent
content-length
102
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/ Frame 1C36 		51 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/rpc:shindig_random.js?onload=init
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:30:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
233685
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18237
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Nov 2022 14:30:32 GMT
cb=gapi.loaded_2
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/ 		28 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes_style_bubble/exm=auth,ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_2
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/platform.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6aad48dde0907d035bdb01024f52600bec81a2c05bcc6b81469751d567faed27
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:49:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
232525
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9531
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Nov 2022 14:49:52 GMT
subscribe_embed
www.youtube.com/ Frame 88EF 		606 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e7b8d4b3c5141c9cf35d91b4ac8d0edc8812f445b9faf1b6acb53bda701284ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 27 Nov 2021 07:25:17 GMT
strict-transport-security
max-age=31536000
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to
{"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=nl for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
subscribe_embed
www.youtube.com/ Frame 1E32 		606 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=ytsubscribe/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
07c843192e71017acab9f1a33bf25fc04f4b7e924f76b42d11362ce1dd148346
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Sat, 27 Nov 2021 07:25:17 GMT
strict-transport-security
max-age=31536000
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
report-to
{"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=nl for more info."
content-encoding
br
server
ESF
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
border_3.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/border_3.gif
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 17:10:07 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
310510
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/gif
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 23 Nov 2022 17:10:07 GMT
bubbleSprite_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		318 B
341 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleSprite_3.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 09:49:58 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
250519
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
318
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 24 Nov 2022 09:49:58 GMT
bubbleDropR_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		116 B
139 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropR_3.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 18:13:48 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
393089
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
116
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 22 Nov 2022 18:13:48 GMT
bubbleDropB_3.png
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		117 B
140 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/bubbleDropB_3.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 18:22:56 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
219741
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
117
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 24 Nov 2022 18:22:56 GMT
spacer.gif
ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/ 		43 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssl.gstatic.com/s2/oz/images/stars/po/bubblev1/spacer.gif
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 21:17:17 GMT
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
382080
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/gif
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Tue, 22 Nov 2022 21:17:17 GMT
www-subscribe-embed-card_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 1E32 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed-card_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 05:51:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264857
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2447
x-xss-protection
0
last-modified
Wed, 25 Nov 2020 01:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Nov 2022 05:51:00 GMT
www-subscribe-embed-card_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 1E32 		149 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:01:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246234
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44975
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Nov 2022 11:01:23 GMT
www-subscribe-embed-card_v0.css
www.youtube.com/s/subscriptions/subscribe_embed/css/ Frame 88EF 		9 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/css/www-subscribe-embed-card_v0.css
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 05:51:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264857
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2447
x-xss-protection
0
last-modified
Wed, 25 Nov 2020 01:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Nov 2022 05:51:00 GMT
www-subscribe-embed-card_v0.js
www.youtube.com/s/subscriptions/subscribe_embed/js/ Frame 88EF 		149 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/subscribe_embed?action_card=1&channelid=UCmwRxt86epRSvAdM_Crlp3Q&usegapi=1&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.nl.CYfIF7bcO7g.O%2Fam%3DAQ%2Fd%3D1%2Frs%3DAGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A%2Fm%3D__features__
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 11:01:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
246234
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44975
x-xss-protection
0
last-modified
Tue, 15 Sep 2020 21:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Thu, 24 Nov 2022 11:01:23 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/ Frame 1E32 		125 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:31:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
233650
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41862
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Nov 2022 14:31:07 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/ Frame 88EF 		125 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.nl.CYfIF7bcO7g.O/m=gapi_iframes,gapi_iframes_style_common/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCMetDEnsQIsS88UUkP1hO1Y9k9I0A/cb=gapi.loaded_0
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/s/subscriptions/subscribe_embed/js/www-subscribe-embed-card_v0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.youtube.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:31:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
233650
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41862
x-xss-protection
0
last-modified
Sat, 30 Oct 2021 15:20:57 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding, Origin
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Nov 2022 14:31:07 GMT
css
fonts.googleapis.com/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,900&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1738ebb95c4b540be39b57f3f3fb08e8fcc65d368f5614564f1e643a384ef676
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 27 Nov 2021 05:44:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 27 Nov 2021 07:25:17 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 27 Nov 2021 07:25:17 GMT
truncated
/ 		229 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e5152deb80007c748ce43c7579d5befcabe0c90853ce12fdf625dab1927e8bab

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
748f6a6642aa4c1fe32cfe4599223421_170960193.png
media.getsitecontrol.com/prod2/images/12664/ 		58 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://media.getsitecontrol.com/prod2/images/12664/748f6a6642aa4c1fe32cfe4599223421_170960193.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.59.220.198 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-723.bunnyinfra.net
Software
BunnyCDN-DE1-723 /
Resource Hash
c2672e8516753c735f70b3dfbbef904df3d2f8fb48db4e6288ecb8aa18c8845f

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
cdn-edgestorageid
723
x-amz-request-id
CMF4W2R97759GQN9
cdn-cachedat
11/15/2021 21:32:19
cdn-pullzone
44663
content-length
59207
x-amz-id-2
DGUYT2e2GpqdJPh6TjQWel5i3CnmtsJX4BCTakKH/vevA3tDKRiZW6moMuqu/bV9bPTI9sF7WDs=
server
BunnyCDN-DE1-723
last-modified
Mon, 01 Jun 2020 13:56:35 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
content-type
image/png
cdn-cache
HIT
cdn-uid
e3a1246b-2fdd-4153-9207-6ca707c9379d
cache-control
max-age=2592000
cdn-requestid
73e2a0cbf1546b19aace9f4e2299bd54
accept-ranges
bytes
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
0.bundle.js
cdn.gravitec.net/modules/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.gravitec.net/modules/0.bundle.js
Requested by
Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/bb0015a59e2f56e2ec6479075a6ca03c/client.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
0a91fbed903c7ee569d116adee58d579d0c64775a469ee86d3cc4281f913bda1

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
gzip
last-modified
Wed, 28 Apr 2021 09:53:50 GMT
server
nginx
etag
W/"608930ae-2550"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 28 Apr 2021 10:06:20 GMT
cache-control
max-age=10
x-proxy-cache
HIT
1.bundle.js
cdn.gravitec.net/modules/ 		32 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.gravitec.net/modules/1.bundle.js
Requested by
Host: cdn.gravitec.net
URL: https://cdn.gravitec.net/storage/bb0015a59e2f56e2ec6479075a6ca03c/client.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.1 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
23b89bb3578573b474d7a69e2df32e8f0ee7839a44392edb040e4117a07ce6fa

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
content-encoding
gzip
last-modified
Wed, 28 Apr 2021 09:53:50 GMT
server
nginx
etag
W/"608930ae-8092"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 28 Apr 2021 10:06:20 GMT
cache-control
max-age=10
x-proxy-cache
HIT
/
www.facebook.com/tr/ Frame 838F 		0
18 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://buhgalter911.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://buhgalter911.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
date
Sat, 27 Nov 2021 07:25:17 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ 		12 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d28cd8034256b93e060711ff9357b555b0d55af2c9aa4640311c1d41dcab3e13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 17:59:37 GMT
x-content-type-options
nosniff
age
221140
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12440
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:17:37 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 24 Nov 2022 17:59:37 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwkxduz8A.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwkxduz8A.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cb39e207acc3d3c7c7adef0a3686753bf4cc85cbdc0dfc16f8b875c203c8ed22
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 13:26:49 GMT
x-content-type-options
nosniff
age
64708
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7084
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:10:30 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 26 Nov 2022 13:26:49 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7209c26bc245ae1b293f4b9622201b1dc97282229a2e8fcae555f36caa8650e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 14:06:47 GMT
x-content-type-options
nosniff
age
321510
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13008
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:10:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Nov 2022 14:06:47 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 14:56:27 GMT
x-content-type-options
nosniff
age
232130
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13080
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:10:26 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 24 Nov 2022 14:56:27 GMT
6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
45cf150078bf4b82c64560f6113507d21c77b3f848514adb57e718c5c6b23296
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 18:18:24 GMT
x-content-type-options
nosniff
age
220013
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7484
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:10:27 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 24 Nov 2022 18:18:24 GMT
6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxduz8A.woff2
fonts.gstatic.com/s/sourcesanspro/v18/ 		7 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/sourcesanspro/v18/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwkxduz8A.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10d7b260f98e80b969a89029f6ee067b0741db83afb176edf0234ad606148886
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 18:06:42 GMT
x-content-type-options
nosniff
age
220715
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7392
x-xss-protection
0
last-modified
Wed, 10 Nov 2021 18:12:48 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 24 Nov 2022 18:06:42 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1251657043&t=event&ni=1&_s=2&dl=https%3A%2F%2Fbuhgalter911.com%2F&ul=en-us&de=UTF-8&dt=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=getsitecontrol&ea=show&el=Telegram%20%D0%BF%D0%BB%D0%B0%D1%88%D0%BA%D0%B0%20%2320422&_u=aHDAiEADRAAAAG~&jid=&gjid=&cid=863088088.1637997917&tid=UA-47379603-1&_gid=1344761388.1637997917&cd3=%D0%BD%D0%B5%D1%82&z=482148355
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 03:26:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14348
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1251657043&t=event&ni=1&_s=3&dl=https%3A%2F%2Fbuhgalter911.com%2F&ul=en-us&de=UTF-8&dt=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=getsitecontrol&ea=show&el=Telegram%20%D0%BF%D0%BB%D0%B0%D1%88%D0%BA%D0%B0%20%2320422&_u=aHDAiEADRAAAAG~&jid=&gjid=&cid=863088088.1637997917&tid=UA-47379603-1&_gid=1344761388.1637997917&cd3=%D0%BD%D0%B5%D1%82&z=1229450596
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 03:26:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14348
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=1251657043&t=event&ni=1&_s=2&dl=https%3A%2F%2Fbuhgalter911.com%2F&ul=en-us&de=UTF-8&dt=%D0%91%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%20911%20-%20%D0%A1%D0%B0%D0%B9%D1%82%20%D0%B4%D0%BB%D1%8F%20%D0%B1%D1%83%D1%85%D0%B3%D0%B0%D0%BB%D1%82%D0%B5%D1%80%D0%BE%D0%B2%2C%20%D0%B0%D1%83%D0%B4%D0%B8%D1%82%D0%BE%D1%80%D0%BE%D0%B2%2C%20%D0%BD%D0%B0%D0%BB%D0%BE%D0%B3%D0%BE%D0%B2%D1%8B%D1%85%20%D0%BA%D0%BE%D0%BD%D1%81%D1%83%D0%BB%D1%8C%D1%82%D0%B0%D0%BD%D1%82%D0%BE%D0%B2%20%D0%B2%20%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=getsitecontrol&ea=show&el=Telegram%20%D0%BF%D0%BB%D0%B0%D1%88%D0%BA%D0%B0%20%2320422&_u=aHDACEADRAAAAG~&jid=&gjid=&cid=863088088.1637997917&tid=UA-53572572-5&_gid=1344761388.1637997917&gtm=2wgba1WRNTR8&z=557264426
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 03:26:09 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
14348
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
events
dash.getsitecontrol.com/api/v1/ 		0
212 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://dash.getsitecontrol.com/api/v1/events?ts=1637997917639&sid=178576bc-059c-4a97-972e-9c3cf55235e6&t=1637997917.3c0131c9d44495c54a46da3ea0360b88.be55c0d2083b79497e5a152dc1040b5b&s=a2478f8c9a53d721a6d714af0571023c
Requested by
Host: s2.getsitecontrol.com
URL: https://s2.getsitecontrol.com/widgets/es6/runtime.f6004e3.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.86.134.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-86-134-216.compute-1.amazonaws.com
Software
Getsitecontrol /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 07:25:17 GMT
server
Getsitecontrol
access-control-allow-methods
GET,POST
access-control-allow-origin
*
cache-control
private, no-cache
access-control-allow-credentials
false
access-control-allow-headers
Content-Type,X-Requested-With
content-length
0
multitracking
ghb.adtelligent.com/adunit/ 		0
207 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ghb.adtelligent.com/adunit/multitracking
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/454999/hbw_master_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://buhgalter911.com
Date
Sat, 27 Nov 2021 07:25:17 GMT
Access-Control-Allow-Credentials
true
Server
VertaMedia 1.0
Connection
Keep-Alive
integrator.js
adservice.google.nl/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=buhgalter911.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=buhgalter911.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ 		125 KB
22 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=11634698949906&correlator=405551320581525&output=ldjh&impl=fifs&eid=31063811%2C31063812%2C21068030%2C31063246&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=141806220%2C911-top-banner%2C911-left-banner%2C911-right-banner&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=728x90%7C970x90%7C1x1%2C160x600%7C200x400%7C240x400%7C240x600%7C240x500%7C1x1%2C160x600%7C200x400%7C240x400%7C240x500%7C240x600%7C1x1&prev_scp=hb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST%7Chb_rfBid%3D0%26excl_cat%3DPREPOST&eri=1&cookie=ID%3Da3ee430318fc9197%3AT%3D1637997917%3AS%3DALNI_MaQJL4RNQmddoDZ7fhGs9RP4KR16g&bc=31&abxe=1&lmt=1637997918&dt=1637997918773&dlt=1637997916367&idt=701&frm=20&biw=1600&bih=1200&oid=2&adxs=405%2C215%2C1145&adys=40%2C661%2C1342&adks=1928020410%2C260308785%2C4209661515&ucis=2%7C3%7C4&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fbuhgalter911.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=994x0%7C240x600%7C240x600&msz=994x0%7C240x0%7C240x0&psts=AGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=863088088.1637997917&ga_sid=1637997917&ga_hid=1251657043&ga_fc=true&fws=0%2C4%2C4&ohw=0%2C240%2C240&btvi=0%7C0%7C1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
3593cd459624b4045c356b5b3836b15b58023417c248b147e361592af554b204
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22593
x-xss-protection
0
google-lineitem-id
5215377536,-1,-1
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138293248236,-1,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://buhgalter911.com
access-control-expose-headers
x-google-amp-ad-validated-version
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
publishertag.prebid.113.js
static.criteo.net/js/ld/ 		85 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.113.js
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 12:50:31 GMT
server
nginx
etag
W/"6138b197-1532d"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 28 Nov 2021 07:25:19 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
167 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=1&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=1005010965&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1637997919%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072519%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997919&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:19 GMT
last-modified
Sat, 27-Nov-2021 07:25:19 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:19 GMT
publishertag.prebid.js
static.criteo.net/js/ld/ 		83 KB
26 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
last-modified
Thu, 11 Nov 2021 06:35:11 GMT
server
nginx
etag
W/"618cb99f-14b33"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 28 Nov 2021 07:25:19 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame AB5C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss30jYM_CZS4pZ8AJEztQ2M1PtrGPJhd7A6hjkGj7fsfZFGcEAQFUedj0jYl9xBT7ytWlZdO1xxj6vTLSp2F4k2q7nooYlVOKvJpBjI3joW0LB64BaWWYk9afjHj2dcL4MMpfSfzjioFWAdcfMdr0hHXiTiKF0LjI7mDLE_YNbAfbQAC1XiJpYr8lGkFPSy8FAycLhllb3acijXvr8kXeT7Nyr5j7P3WTBQtfEgS05uWFv6oRdARKtB29zCeQ_x7PlB47FqU3mm-fhnV9LHOrrGhOw9lE1X_Q9ICER0W2un2tREWUYBBlceI95yaQUeiEddzHsSdJOjpg3F&sig=Cg0ArKJSzFe9dkTmz5gkEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
t.js
runwaff.com/ Frame AB5C 		18 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
b400c23bd3335097eb317390ecf1419d08c46a28dff049598bf62b707be1c1c8

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
PB5_dvIaez78Ld92cLlRc70-Kye6hTwnDuh-udAqxwK92DM7GK2Oxg==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame AB5C 		119 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:25:19 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012111011823000/ Frame FE2A 		189 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
287685
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55592
x-xss-protection
0
server
sffe
date
Tue, 23 Nov 2021 23:30:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"11dee2040f5fc1d7"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 23 Nov 2022 23:30:34 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame FE2A 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
385983
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4992
x-xss-protection
0
server
sffe
date
Mon, 22 Nov 2021 20:12:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"858600ba27ef7413"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 22 Nov 2022 20:12:16 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame FE2A 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
265532
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28555
x-xss-protection
0
server
sffe
date
Wed, 24 Nov 2021 05:39:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"a64e482645fd262b"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 24 Nov 2022 05:39:47 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame FE2A 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
289129
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1731
x-xss-protection
0
server
sffe
date
Tue, 23 Nov 2021 23:06:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"cb4f0e89d7d37d9b"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 23 Nov 2022 23:06:30 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame FE2A 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
289515
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12826
x-xss-protection
0
server
sffe
date
Tue, 23 Nov 2021 23:00:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f02165e023e70703"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 23 Nov 2022 23:00:04 GMT
css
fonts.googleapis.com/ Frame FE2A 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 27 Nov 2021 05:45:10 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 27 Nov 2021 07:25:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 27 Nov 2021 07:25:19 GMT
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012111011823000/ Frame 91B6 		189 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
287685
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55592
x-xss-protection
0
server
sffe
date
Tue, 23 Nov 2021 23:30:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"11dee2040f5fc1d7"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 23 Nov 2022 23:30:34 GMT
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 91B6 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
385983
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4992
x-xss-protection
0
server
sffe
date
Mon, 22 Nov 2021 20:12:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"858600ba27ef7413"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Tue, 22 Nov 2022 20:12:16 GMT
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 91B6 		89 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-analytics-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
265532
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28555
x-xss-protection
0
server
sffe
date
Wed, 24 Nov 2021 05:39:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"a64e482645fd262b"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 24 Nov 2022 05:39:47 GMT
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 91B6 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-fit-text-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
289129
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1731
x-xss-protection
0
server
sffe
date
Tue, 23 Nov 2021 23:06:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"cb4f0e89d7d37d9b"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 23 Nov 2022 23:06:30 GMT
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012111011823000/v0/ Frame 91B6 		40 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.ampproject.org/rtv/012111011823000/v0/amp-form-0.1.mjs
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
age
289515
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12826
x-xss-protection
0
server
sffe
date
Tue, 23 Nov 2021 23:00:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=31536000
etag
"f02165e023e70703"
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 23 Nov 2022 23:00:04 GMT
css
fonts.googleapis.com/ Frame 91B6 		3 KB
579 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 27 Nov 2021 05:44:54 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 27 Nov 2021 07:25:19 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 27 Nov 2021 07:25:19 GMT
uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FE2A 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/abg/uk.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 04:22:23 GMT
x-content-type-options
nosniff
server
cafe
age
10976
etag
14587847488922671356
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3073
x-xss-protection
0
expires
Sun, 28 Nov 2021 04:22:23 GMT
icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FE2A 		344 B
807 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/abg/icon.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 26 Nov 2021 16:59:05 GMT
x-content-type-options
nosniff
server
cafe
age
51974
etag
6766994032117382215
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
344
x-xss-protection
0
expires
Sat, 27 Nov 2021 16:59:05 GMT
l
www.google.com/ads/measurement/ Frame FE2A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRhHGmdcoOJ8-tmz9cLa2S5jEWDNR4LKoWIGO5mLBJBx_Do9U18Ial9d2bML2Wr-vLYsBCM5gMeT2s9nPm7sHrqND-47A
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
adview
securepubads.g.doubleclick.net/pagead/ Frame FE2A 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CYJprXt2hYdqiMqGLjuwPqLC18ArantzgZvmKiar_DtC_2uCvCRABIIzloB9gkQSgAcfq2poDyAEBqQLpVwfYh8hjPuACAKgDAcgDCKoE5QFP0KQuf0v7qvH_zOLLPO1uIiyS-EFG28ZPojf3v_leggRNxwzpRGI9B23C7RVycBeUJd57U2AGN-leIgsjDKDUXLHqaap8T8fRNOKatsewytJTUvKsmQ5vrK-_gMYFnDfkndpuSNvRzTH3L17zdne6Ndzve5FwPIq-olSsc3j1_x_5jers7PUHhp_FzlUMSBd9jr7bh8eZJie3jJhLh891qb9g3TV_FqR86E1Qzm5J4Q5zUsLd5EmHcW3CXN4ddtnLhDScV-zXfHWlVM-7lAe6fRjE314vuBpJkc0Rj9M-9Az-O4eWwATh7Y_E4APgBAGSBQQIBBgBkgUECAUYBKAGLoAHoZWlZagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEELu6RtIICQiA4YAQEAEYHYAKAcgLAbgTnSfYEw2IFAPQFQGYFgGAFwGyFx4KHAgAEhRwdWItODYxODc3MTU0NTMxNjMyMRi84Bc&sigh=hTntYCjk2R8&uach_m=[UACH]&template_id=5021&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 91B6 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/abg/uk.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 04:22:23 GMT
x-content-type-options
nosniff
server
cafe
age
10976
etag
14587847488922671356
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3073
x-xss-protection
0
expires
Sun, 28 Nov 2021 04:22:23 GMT
icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 91B6 		344 B
402 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/abg/icon.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 26 Nov 2021 16:59:05 GMT
x-content-type-options
nosniff
server
cafe
age
51974
etag
6766994032117382215
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
344
x-xss-protection
0
expires
Sat, 27 Nov 2021 16:59:05 GMT
adview
securepubads.g.doubleclick.net/pagead/ Frame 91B6 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pagead/adview?ai=CHdqBXt2hYduiMqGLjuwPqLC18ArantzgZvmKiar_DtC_2uCvCRABIIzloB9gkQSgAcfq2poDyAEBqQLpVwfYh8hjPuACAKgDAcgDCKoE5QFP0HHLq-RCjhGoZKCISFT-m5fmmdmXEASXrUQaYupqBpoY4NdETF5m6H7WFlMu4PletSles9zWHz7-d_Ddp8T0LnGn72YqeNBx0CCzD1zG2DJN8jJFt9zGUPcnW75pSUPLyQM8V7GGsEwYDwdtlDc2pAPDLhF7BPPrrn-EbrkBSrFH-vjY8xvSxPU5_hadlSI-vEYG9f8BVHTcwkDy-bRIh8mbbkwbg5t3xY2ygOfvXqwiRUMhrkSke-vb-UFWYshjdGFK4T-oy2MDbWjiXHIIugBwNp3AFTGIs8zp6WntieagXFd9wATh7Y_E4APgBAGSBQQIBBgBkgUECAUYBKAGLoAHoZWlZagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEPPfE9IICQiA4YAQEAEYHYAKAcgLAbgTnSfYEw2IFAPQFQGYFgGAFwGyFx4KHAgAEhRwdWItODYxODc3MTU0NTMxNjMyMRi84Bc&sigh=E8M7o0zz6Hc&uach_m=[UACH]&template_id=5021&uap=UACH(platform)&uapv=UACH(platformVersion)&uaa=UACH(architecture)&uam=UACH(model)&uafv=UACH(uaFullVersion)&uab=UACH(bitness)
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
downsize_200k_v1
tpc.googlesyndication.com/simgad/18042072950843848550/ Frame FE2A 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/18042072950843848550/downsize_200k_v1?w=100&h=100
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
38a99c15dc41db0495bb2eeecf10d3be2526ab49557c9b27ef8273ab7f6a5d12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 22:00:18 GMT
x-content-type-options
nosniff
age
206701
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1745
x-xss-protection
0
last-modified
Sun, 05 Sep 2021 21:41:50 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 22:00:18 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/2933375292326515235/ Frame FE2A 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/2933375292326515235/downsize_200k_v1?w=400&h=209
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34229c23c4538e749b2d0f2503b93ac02a4877acc82c3a8cf10b8646280b81d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 14:32:17 GMT
x-content-type-options
nosniff
age
147182
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14747
x-xss-protection
0
last-modified
Thu, 25 Nov 2021 10:31:13 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 25 Nov 2022 14:32:17 GMT
truncated
/ Frame FE2A 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de3f5289f269e38ee410308bc46240f0c4d4502da930f7cb6cea633ad0a8c80b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame FE2A 		206 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
372a3186cdfa2b7a80c939a0496851ab0519c9b8cb656609fb902168ee053a8b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame FE2A 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8ec42741164077a8e2063e83f25afdff15bad210fdd0511030fedde8f5fde7cc

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame FE2A 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 16:54:46 GMT
x-content-type-options
nosniff
age
311433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21660
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Nov 2022 16:54:46 GMT
4UaGrENHsxJlGDuGo1OIlL3Kwp5MKg.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame FE2A 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Kwp5MKg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a0a55ede49967613efde001805c862157a4f477f3546dd3c197a8a1d6398d82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 04:37:21 GMT
x-content-type-options
nosniff
age
96478
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10924
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:27 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 26 Nov 2022 04:37:21 GMT
4UabrENHsxJlGDuGo1OIlLU94Yt3CwZ-Pw.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame FE2A 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94Yt3CwZ-Pw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
be91f18df6e006242cdabf8678e83f6df4b713a2ffabca522cd9e2619a255f2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 09:58:06 GMT
x-content-type-options
nosniff
age
250033
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10824
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:13 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 24 Nov 2022 09:58:06 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame FE2A 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 18:21:26 GMT
x-content-type-options
nosniff
age
392633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21424
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:24 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 22 Nov 2022 18:21:26 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/18042072950843848550/ Frame 91B6 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/18042072950843848550/downsize_200k_v1?w=100&h=100
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
38a99c15dc41db0495bb2eeecf10d3be2526ab49557c9b27ef8273ab7f6a5d12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 22:00:18 GMT
x-content-type-options
nosniff
age
206701
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1745
x-xss-protection
0
last-modified
Sun, 05 Sep 2021 21:41:50 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 22:00:18 GMT
downsize_200k_v1
tpc.googlesyndication.com/simgad/2933375292326515235/ Frame 91B6 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/2933375292326515235/downsize_200k_v1?w=400&h=209
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
34229c23c4538e749b2d0f2503b93ac02a4877acc82c3a8cf10b8646280b81d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Thu, 25 Nov 2021 14:32:17 GMT
x-content-type-options
nosniff
age
147182
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14747
x-xss-protection
0
last-modified
Thu, 25 Nov 2021 10:31:13 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 25 Nov 2022 14:32:17 GMT
truncated
/ Frame 91B6 		209 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de3f5289f269e38ee410308bc46240f0c4d4502da930f7cb6cea633ad0a8c80b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 91B6 		206 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
372a3186cdfa2b7a80c939a0496851ab0519c9b8cb656609fb902168ee053a8b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 91B6 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7db7809740f0ce74ab4d9aef6bd1d2de77f0fc9777b7f8537cf9127e4fe4f3e7

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 91B6 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 23 Nov 2021 16:54:46 GMT
x-content-type-options
nosniff
age
311433
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21660
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 23 Nov 2022 16:54:46 GMT
4UaGrENHsxJlGDuGo1OIlL3Kwp5MKg.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 91B6 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Kwp5MKg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a0a55ede49967613efde001805c862157a4f477f3546dd3c197a8a1d6398d82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 04:37:21 GMT
x-content-type-options
nosniff
age
96478
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10924
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:27 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 26 Nov 2022 04:37:21 GMT
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 91B6 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 18:21:26 GMT
x-content-type-options
nosniff
age
392633
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21424
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:08:24 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 22 Nov 2022 18:21:26 GMT
4UabrENHsxJlGDuGo1OIlLU94Yt3CwZ-Pw.woff2
fonts.gstatic.com/s/googlesans/v36/ Frame 91B6 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesans/v36/4UabrENHsxJlGDuGo1OIlLU94Yt3CwZ-Pw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
be91f18df6e006242cdabf8678e83f6df4b713a2ffabca522cd9e2619a255f2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buhgalter911.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 09:58:06 GMT
x-content-type-options
nosniff
age
250033
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10824
x-xss-protection
0
last-modified
Wed, 01 Sep 2021 18:07:13 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 24 Nov 2022 09:58:06 GMT
truncated
/ Frame AB5C 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
447696257c6c19ad8c6fa57c43cc99c8169f437220b985cac212a823980f4f2f

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
v4_299506_4723.json
player.adtelligent.com/prebidlink/2729996/ 		112 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://player.adtelligent.com/prebidlink/2729996/v4_299506_4723.json?cb=buhgalter911.com
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/454999/hbw_master_299506_4723.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
213.174.135.2 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx /
Resource Hash
170f1a940ccc1944ffe15eec9f65f60bc37d02ae6d42a856ce8272fdc58b22b8

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
last-modified
Fri, 26 Nov 2021 20:22:02 GMT
server
nginx
etag
W/"61a141ea-1becc"
content-type
application/json
access-control-allow-origin
https://buhgalter911.com
expires
Sat, 27 Nov 2021 08:25:19 GMT
cache-control
max-age=3600
x-proxy-cache
HIT
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 7A3F 		77 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
c25a4ea2cd2003381fd6a9118f631d3be90f549b63598e8bbc523ef0747731f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1056 / 782 of 1000 / last-modified: 1637708722"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26863
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 07:25:19 GMT
usersync
runwaff.com/ Frame D364 		10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=53b2002c59d3e5f630751881f15474be9&cb=2010711637997919628
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
b9b2460bac03341b3c6a922fd753890cc7ec0da4297d3fa011354899e1f9bcba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
ZNkrBJ_CqFXECSHo93Ri_fMC2riNn6E4quGwyyas7Pc0SG8Qtm4TxQ==
async_usersync
runwaff.com/ Frame FE39 		10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=98f4e4faa4233f870087ce42c5a513e95&cb=1345621637997919630
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
b9b2460bac03341b3c6a922fd753890cc7ec0da4297d3fa011354899e1f9bcba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
nv1kU_AMrZcZLBJDPInSpZrOV0E3MWHvbMLphqQxUSrCy2NdNY8mnQ==
usync
runwaff.com/ Frame 8EA5 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
13b51f05a32209a9cb536ebe3795915619c002a76882ce2715f85b4d5f785ce0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
vary
Accept-Encoding
date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
PZg8ZbIwg9b4A950DKPepo1DnlqhQM_xs_KwRNlKPI8N_vyw9VjWqQ==
count
runwaff.com/ Frame E239 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/count?i=rf07l732vciakgacx3n4&a=baaeee3411d3fd157639692256e43d715&cb=5288031637997919632
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
57c6dd434ef6d209622afd433f1e8de565d006d41f8679abef98365ce119d727

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
vary
Accept-Encoding
date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
Q2KQ5UkyUxEeu2AqzPnbFHfX0Ybp4UO0fDhnKPReb3HF6drO0bHwIQ==
syncro
runwaff.com/ Frame 6F82 		2 KB
1018 B 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=45f743aa437f6100320c20fa469f3dc93&cb=6458491637997919633
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
92d716be22a49fa0e8ee0ea4688674b48414a2060b2fcdd77d3863a1a4bcb06c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
vary
Accept-Encoding
date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
DLW3wJLgGu2wZuG2Y8IaB8q5QcLtqhiy3WcMernrXIsk3f46vhkauQ==
count
runwaff.com/ Frame 42E1 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/count?i=rf07l732vciakgacx3n4&a=29e1899b19056b3bbad87d287cfa52325&cb=8648741637997919635
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
3377a6953c4c488da8e547e9aad19dcb2d6164ee85cdde1ab0885c30d1b3753d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
n2yfwAYN90hr51Bkrc2hpHXraEuBOytyjNeI1TQvKE62hn-VNJS4QA==
async_usersync
runwaff.com/ Frame 8290 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
ef4bc5766013957b6b0eff70f34bfc9223015ef18e94c0e62ad836391197b9ac

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
content-length
1710
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
qbdfgOG56SepSswQG3SoQ-Ctx0HH8e7EJRNKhkcmgFjpKOx6BrirSA==
sync
runwaff.com/ Frame D3C7 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=f9cc45838f4c29b5f9349ce01f9beb869&cb=3930431637997919638
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
cb9c475776bd99d9a9e34749832e2d3b054624c27d93cc37c7a3549e0e6a7640

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
content-length
1873
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
PadOt2cM7229aeNsyB9nAvyriCBvfkCd5FpLD90AR8m9Tnv38QgNpQ==
sync
runwaff.com/ Frame 9353 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
4145bcc602f84a695520798fe63830e806c8289da65274e6fb11e138c5c1cc17

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
co-sPIR8t1C7vZYOp9p2WF0u_nD-8GeJhcUshpIJn7zBa8zFrTD83A==
stats
runwaff.com/ Frame 1B9F 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=3c0f5400ba98f8cac9b313d902398d0a1&cb=6580791637997919642
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
77437c66b6e6ce55f981e27fc46ce8597a9a7bc334a27bd4d7d37ee9b9d8383f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
content-length
1633
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
hkoN5wjB7Z6ck3J8LUAVCRffFebJ8kMf8BqlWmvpIPsyfWf5L-aJCg==
syncro
runwaff.com/ Frame F212 		10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=69ea1948c62a33cfec0ab584a19243e31&cb=0876431637997919643
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
b9b2460bac03341b3c6a922fd753890cc7ec0da4297d3fa011354899e1f9bcba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
52qnFOjsTCqokNeZBbcXN9TGqM1B9LrNKe0m6e_ztgJWuQTnt3BMDw==
send
runwaff.com/ Frame A4E4 		10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/send?i=rf07l732vciakgacx3n4&a=5a53537a17bd44ad82d5176115d03d729&cb=4418541637997919644
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
b9b2460bac03341b3c6a922fd753890cc7ec0da4297d3fa011354899e1f9bcba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
-3dgjDuXFP_drBm6royz_zTnnfFIpdYiiZraf2Klc9S0K45mRWr_qQ==
usync
runwaff.com/ Frame EF30 		8 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=79ebc9f4a562a4247447de7d211baa9c5&cb=8867251637997919646
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
e3e7c965e41ba62a86766baa4795cb057d869b09a8d1cffa4482620975a7a967

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
PYDy-GyT6kLiUq5TGGIsSuu9oPatXmtMSNaE22y3GvJ-9qFgh15UwQ==
syncro
runwaff.com/ Frame 7BC4 		10 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=4e0ac44bc5a2e0e5c22c8af2178591cf3&cb=4919941637997919647
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
b9b2460bac03341b3c6a922fd753890cc7ec0da4297d3fa011354899e1f9bcba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
C1sLPGTua9FJbXXYRL-gCmBSNj_VfvDIAhGXX6E5CKJmK9dy49redg==
usersync
runwaff.com/ Frame DC1B 		3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=29432f3564089b7a90cba53693d3a59b1&cb=0948231637997919649
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
cdeb743f50d1b0bacc7ca982e03067b6ca427c32e77f1a3a599b30202f14e065

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
uy7UaGTzeZCxY3pwddXnXME6f3ffh9b-e--6DCzo2iExhduddPWlow==
stats
runwaff.com/ Frame B579 		4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=ec888e9209980d4eacd18584b9e4ca683&cb=0113061637997919651
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
38dd5741c6a9fe3cb4e1fd84bf2e9b98c79a8ace752ad5dfcb56eaa30aff92ea

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
oOZaO1H4cedt9cbLehQ8lqkKO3sT6Kd1gXwdknGEDnvA2m4NUjT0Cw==
send
runwaff.com/ Frame 5241 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/send?i=rf07l732vciakgacx3n4&a=f5e96ef64602be065840c9b0c393d0799&cb=0266181637997919652
Requested by
Host: runwaff.com
URL: https://runwaff.com/t.js?i=rf07l732vciakgacx3n4&cb=8335781637997919404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
9a97c5e883ba517083bfc235752fdf5f6471c459d8c45d3615ed3b611317435c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

content-type
text/html; charset=UTF-8
content-length
1977
date
Sat, 27 Nov 2021 07:25:19 GMT
x-cache
Miss from cloudfront
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
APl-JOOuKANICXO_WZuTTeDRZWkCUtxi4ulr6sffgfijvrATSzYuyw==
view
securepubads.g.doubleclick.net/pcs/ Frame AB5C 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv58TnRtNxPKjjIuOpzH1uEalj35CrpA3hxAzC-4sNaPYnPKSPLdhnLLBOZtd6DCuM61bXKxJG17ExfT3nhR8En8fxw7sdJWo0RNewIpGGnIZD6nV5c4mWcQ5mobbhATCFW4seUr5lX9VytwgGuZ2EQq-YFvPUSIf_LrAlGZQztTtmY8RZyvw2JvLb9mMi8OJcINSIav2VlmkA87A9swyH9iXrhXmul4zVk0A9hwv-S3C50xPfFOKhOyaeWQKTSdZnajvenTJ6ndsyVdiS45yZPeYMqvS4YVXARjFPR5JInqrnsUAOS-aHahBe-V18L&sig=Cg0ArKJSzCO_AE9rizBQEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:19 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
expires
Sat, 27 Nov 2021 07:25:19 GMT
uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FE2A 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/abg/uk.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 04:22:23 GMT
x-content-type-options
nosniff
server
cafe
age
10976
etag
14587847488922671356
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3073
x-xss-protection
0
expires
Sun, 28 Nov 2021 04:22:23 GMT
icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FE2A 		344 B
368 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/abg/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 26 Nov 2021 16:59:05 GMT
x-content-type-options
nosniff
server
cafe
age
51974
etag
6766994032117382215
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
344
x-xss-protection
0
expires
Sat, 27 Nov 2021 16:59:05 GMT
uk.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 91B6 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/abg/uk.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 04:22:23 GMT
x-content-type-options
nosniff
server
cafe
age
10976
etag
14587847488922671356
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3073
x-xss-protection
0
expires
Sun, 28 Nov 2021 04:22:23 GMT
icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 91B6 		344 B
368 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/pagead/images/abg/icon.png
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012111011823000/amp4ads-v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 26 Nov 2021 16:59:05 GMT
x-content-type-options
nosniff
server
cafe
age
51974
etag
6766994032117382215
vary
Accept-Encoding
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
344
x-xss-protection
0
expires
Sat, 27 Nov 2021 16:59:05 GMT
pxl.jpg
runwaff.com/ Frame AB5C 		597 B
832 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://runwaff.com/pxl.jpg?i=rf07l732vciakgacx3n4&s=786&p=https%3A%2F%2Fbuhgalter911.com%2F&rstk=https%3A%2F%2Fbuhgalter911.com%2F&h=1534741637997919870
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
597
x-amz-cf-id
HLZ3pOV7cWH6duyG9q6d0cCPUNBhhl9qy-3IpcByvaNKWD06Zwq_Fg==
x-cache
Miss from cloudfront
content-type
image/jpeg; charset=UTF-8
multitracking
ghb.adtelligent.com/adunit/ 		0
207 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ghb.adtelligent.com/adunit/multitracking
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/454999/hbw_master_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5142::2 London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://buhgalter911.com
Date
Sat, 27 Nov 2021 07:25:19 GMT
Access-Control-Allow-Credentials
true
Server
VertaMedia 1.0
Connection
Keep-Alive
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/ Frame 7A3F 		344 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 07:25:19 GMT
gen.js
ads.themoneytizer.com/s/ Frame 8EA5 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/s/gen.js?type=1
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
c846a0262d82ade117a598538a1e27fa05b9fff6bd028516417f32f6d1613230

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
cache-control
max-age=604800
accept-ranges
bytes
content-length
2128
expires
Sat, 04 Dec 2021 07:25:08 GMT
requestform.js
ads.themoneytizer.com/s/ Frame 8EA5 		71 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
45af098dbc6221aca6df4def709e3a268fe006ed9bb44263bf3fdb1c33e5b9f7

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
cache-control
max-age=604800
accept-ranges
bytes
expires
Sat, 04 Dec 2021 07:25:19 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame 42E1 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/count?i=rf07l732vciakgacx3n4&a=29e1899b19056b3bbad87d287cfa52325&cb=8648741637997919635
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
last-modified
Tue, 19 Oct 2021 10:00:01 GMT
server
Apache/2.2.15 (CentOS)
etag
"1302647-96ae-5ceb1b98ba7c4"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
public, max-age=77467
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
13882
expires
Sun, 28 Nov 2021 04:56:26 GMT
fpi.js
ap.lijit.com/www/delivery/ Frame 6F82 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/www/delivery/fpi.js?z=660774&width=970&height=90
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=45f743aa437f6100320c20fa469f3dc93&cb=6458491637997919633
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
nginx /
Resource Hash
53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:19 GMT
Content-Encoding
gzip
Server
nginx
ETag
W/"6197f1ea-1540"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
private, no-cache, no-store, must-revalidate, max-age=0
Transfer-Encoding
chunked
X-Sovrn-Pod
ad_ap5ams1
Expires
Thu, 01 Jan 1970 00:00:01 GMT
/
ads.projectagoraservices.com/ Frame E239 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: runwaff.com
URL: https://runwaff.com/count?i=rf07l732vciakgacx3n4&a=baaeee3411d3fd157639692256e43d715&cb=5288031637997919632
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:20 GMT
adx.js
s1.adform.net/banners/scripts/ Frame 8290 		58 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s1.adform.net/banners/scripts/adx.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
4734ad6d0381c5320a9bd48cc2669cd768babe44676e6a18caea1151b6edc52e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
last-modified
Mon, 30 Aug 2021 08:56:02 GMT
server
nginx
etag
W/"612c9d22-e958"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
ttj
secure.adnxs.com/ Frame 1B9F 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/ttj?id=17494273
Requested by
Host: runwaff.com
URL: https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=3c0f5400ba98f8cac9b313d902398d0a1&cb=6580791637997919642
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
6b8f96eca9e123ea70ad8669abc3d252fb20a5a46797e5d92704d9c48ee845c4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:19 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
b98fb960-389a-42bd-9edf-40256ed02d28
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async.js
cdn.adtrue.com/rtb/ Frame D3C7 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adtrue.com/rtb/async.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=f9cc45838f4c29b5f9349ce01f9beb869&cb=3930431637997919638
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:607 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 16 Nov 2020 01:20:45 GMT
server
cloudflare
age
10977211
etag
W/"5fb1d3ed-1c9f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=31104000
cf-ray
6b499f37dd5f5c38-FRA
expires
Mon, 18 Jul 2022 06:11:48 GMT
publishertag.js
static.criteo.net/js/ld/ Frame B579 		117 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=ec888e9209980d4eacd18584b9e4ca683&cb=0113061637997919651
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
c0fb763f2f2e80a902d63860360c9ae467315055f06d4ac3a8cf0bd5982573ef

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
last-modified
Thu, 11 Nov 2021 06:35:13 GMT
server
nginx
etag
W/"618cb9a1-1d4ec"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 28 Nov 2021 07:25:19 GMT
smart.js
ced.sascdn.com/tag/1743/ Frame DC1B 		81 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ced.sascdn.com/tag/1743/smart.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=29432f3564089b7a90cba53693d3a59b1&cb=0948231637997919649
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-26.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8ecb66a310d4f8e9cbde7cbf0debdffd84fa1ad0bb3bf3586b16089f7558f1bf

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=900
Connection
keep-alive
Content-Length
27550
Expires
Sat, 27 Nov 2021 07:40:20 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ Frame 5241 		77 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/send?i=rf07l732vciakgacx3n4&a=f5e96ef64602be065840c9b0c393d0799&cb=0266181637997919652
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
c25a4ea2cd2003381fd6a9118f631d3be90f549b63598e8bbc523ef0747731f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1056 / 74 of 1000 / last-modified: 1637708722"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26863
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 07:25:19 GMT
prebid_v4_21.js
hb.adpone.com/ Frame D364 		302 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.adpone.com/prebid_v4_21.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=53b2002c59d3e5f630751881f15474be9&cb=2010711637997919628
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4498
x-amz-request-id
8X8Z2AAXWD3RZ6XD
x-amz-id-2
bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified
Mon, 08 Feb 2021 16:04:15 GMT
server
cloudflare
etag
W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtV0F7jircbkeV%2FlIYlTgkDxsp1ED597Fcx%2FjqGXDBIXd1zVOrHACshXG%2Bap9yDbMeKhfhxAiCWLhh0%2B6Xbqysz4G4h2L%2FqxWCqdf504jmuZEJie%2BN1Rbj08XWh0sshuiunyz5TO5lp1fRk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
x-amz-version-id
4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cf-ray
6b499f37f93c2c4e-FRA
prebid_v4_21.js
hb.adpone.com/ Frame FE39 		302 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.adpone.com/prebid_v4_21.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=98f4e4faa4233f870087ce42c5a513e95&cb=1345621637997919630
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4498
x-amz-request-id
8X8Z2AAXWD3RZ6XD
x-amz-id-2
bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified
Mon, 08 Feb 2021 16:04:15 GMT
server
cloudflare
etag
W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSLQFHSUNQo26QPFd8G7vmF6AwRlLvJIL6wPfYlJUWvos6mQsNlIPHqj8IiTKGo%2FwAk1TNOVyifBHxUygQdcKCIm%2B4oB8FHRyv9k1DL4L8VnVdqlozHDHRjAm0usMHqxYUJP8DXJBliHhFg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
x-amz-version-id
4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cf-ray
6b499f37f93e2c4e-FRA
17210.js
ads.rubiconproject.com/ad/ Frame 9353 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.rubiconproject.com/ad/17210.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.35.65 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-35-65.deploy.static.akamaitechnologies.com
Software
Apache / PHP/5.3.3
Resource Hash
1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=8701
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
8916
Expires
Sat, 27 Nov 2021 09:50:21 GMT
prebid_v4_21.js
hb.adpone.com/ Frame F212 		302 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.adpone.com/prebid_v4_21.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=69ea1948c62a33cfec0ab584a19243e31&cb=0876431637997919643
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4498
x-amz-request-id
8X8Z2AAXWD3RZ6XD
x-amz-id-2
bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified
Mon, 08 Feb 2021 16:04:15 GMT
server
cloudflare
etag
W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JHp89WJA2P0IAqJzww7Ly7K1f62J6aEcAWtT5%2BMBeCwP%2FNGA4m98YPZHdjeUr%2BrmgtbdmMeNPAURs6JBAYTKLDmou18RmEQtCSS%2BJ7Zv5R6iryn7Ma05VE9U3CgSF9UxRIEx%2BnFC6bgKQLA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
x-amz-version-id
4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cf-ray
6b499f37f93f2c4e-FRA
prebid_v4_21.js
hb.adpone.com/ Frame EF30 		302 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.adpone.com/prebid_v4_21.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=79ebc9f4a562a4247447de7d211baa9c5&cb=8867251637997919646
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4498
x-amz-request-id
8X8Z2AAXWD3RZ6XD
x-amz-id-2
bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified
Mon, 08 Feb 2021 16:04:15 GMT
server
cloudflare
etag
W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S3pVteSfPkpuHqsrfO%2B6BrUM%2FEfrhG4raOT9Kkt796kmqKPasyER6i5QtS070O10s1OYkV33vTPEaY2KOo%2BnjECNFykSRBK9tb75cSQmCLAFzkPp%2B%2F5GHssPIcvxESBVMPbTYTFzqIWurQQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
x-amz-version-id
4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cf-ray
6b499f37f9402c4e-FRA
prebid_v4_21.js
hb.adpone.com/ Frame A4E4 		302 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.adpone.com/prebid_v4_21.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/send?i=rf07l732vciakgacx3n4&a=5a53537a17bd44ad82d5176115d03d729&cb=4418541637997919644
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4498
x-amz-request-id
8X8Z2AAXWD3RZ6XD
x-amz-id-2
bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified
Mon, 08 Feb 2021 16:04:15 GMT
server
cloudflare
etag
W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nO%2Bwo8ZgyDKiEyWAco6pzRGYIhjWQcwn%2FR2%2Fh%2FSog8rKbgzBB7nt%2FttQM3QmQu8nB0TqzgrkYZzfPSEox7zrp1FxMvP7sSbDukwh%2FKulD0hg2B0rBvS2OEkUdGZWg0Ig9QHmsXdH9atRhRE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
x-amz-version-id
4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cf-ray
6b499f37f9412c4e-FRA
prebid_v4_21.js
hb.adpone.com/ Frame 7BC4 		302 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hb.adpone.com/prebid_v4_21.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=4e0ac44bc5a2e0e5c22c8af2178591cf3&cb=4919941637997919647
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:b19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4498
x-amz-request-id
8X8Z2AAXWD3RZ6XD
x-amz-id-2
bSmexo+TrMnKkcWOI6Tqa7TCfeGYYHMT4OsTT33XH7Bv6B0BShSDWSBlAdxGZAhGTnfnIdpPonw=
last-modified
Mon, 08 Feb 2021 16:04:15 GMT
server
cloudflare
etag
W/"7c64ec269c372f63980a99b0d62ff80e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9G9TvyM21MsqUuA3H8nfWsR4nmSu2Y8cwMSYqRglARUiCs8sGz6ge%2FLb5R%2Fn6C4GVGVQIGABZBArjfzLVdr5LSgPnaH5vR5y6MT93NxEX44KBL8IVdxLTV9SyCgvGkZh71dGzGIHEOZzXJ0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
x-amz-version-id
4iEuyd4JotkFGoSUTSV1UffB3iHQiIcX
cf-ray
6b499f3829772c4e-FRA
sync
ap.lijit.com/ Frame 6F82 		80 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/sync
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/www/delivery/fpi.js?z=660774&width=970&height=90
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
nginx /
Resource Hash
fbd7d5de5e7a55ea07ecf232b58b99732dee1f0900e59e4e8374ebab8ad52c43

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Last-Modified
Fri, 19 Nov 2021 18:51:37 GMT
Server
nginx
ETag
W/"6197f239-14155"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=86400, must-revalidate
Transfer-Encoding
chunked
X-Sovrn-Pod
ad_ap5ams1
Expires
Sun, 28 Nov 2021 07:25:20 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=1&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=428975119&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997920%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072520%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997920&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
last-modified
Sat, 27-Nov-2021 07:25:20 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:20 GMT
/
g.themoneytizer.net/g/ Frame 8EA5 		26 B
270 B 		Script
General
Check archive.org
Download Go to
Full URL
https://g.themoneytizer.net/g/
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.193.145 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
278393caf9e3b1246267fb79e95027449f041bbf8e8774a4cf46d72cc09b7405

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx
X-IPLB-Request-ID
6DC98F3F:8857_91EFC191:01BB_61A1DD60_188D381:CC1F
X-IPLB-Instance
29894
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
moneybile.js
ads.themoneytizer.com/ Frame 8EA5 		38 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/moneybile.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/gen.js?type=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Fri, 12 Mar 2021 17:07:19 GMT
server
nginx
etag
"604b9fc7-981e"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=604800
accept-ranges
bytes
content-length
16267
expires
Sat, 04 Dec 2021 07:24:33 GMT
/
c.tmyzer.com/c/ Frame 8EA5 		0
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.tmyzer.com/c/?s=49798&f=1&fi=99
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.38.64.100 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx
X-IPLB-Request-ID
6DC98F3F:9597_36264064:01BB_61A1DD60_1DDAABAE:990F
X-IPLB-Instance
20686
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
smart.js
ced-ns.sascdn.com/diff/js/ Frame 8EA5
Redirect Chain
  • https://ww1097.smartadserver.com/config.js?nwid=1097
  • https://ced-ns.sascdn.com/diff/js/smart.js
81 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ced-ns.sascdn.com/diff/js/smart.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Server
2a02:26f0:1700:f::1737:a1b0 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
8fceb9666c98db92674eadc3bf22b5811f633e794c6400d43d9e1075e9d7618d

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Last-Modified
Thu, 14 Oct 2021 07:37:07 GMT
Server
AkamaiNetStorage
ETag
"dd8f4c5a387008ec698123592c1e7a85:1634197388.862531"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23942

Redirect headers

location
https://ced-ns.sascdn.com/diff/js/smart.js
date
Sat, 27 Nov 2021 07:25:19 GMT
content-length
0
sync
gum.criteo.com/ Frame 8EA5 		49 B
362 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sync?c=147&r=2&j=criteoCallback
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:19 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
1636
content-length
165
expires
60
libJsLP.js
tag.leadplace.fr/ Frame 8EA5 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.leadplace.fr/libJsLP.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
145.239.193.51 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Last-Modified
Thu, 07 Oct 2021 11:26:48 GMT
Server
nginx/1.14.2
X-IPLB-Request-ID
6DC98F3F:A925_91EFC133:01BB_61A1DD60_31D0F847:10912
ETag
"615ed978-15ab"
X-IPLB-Instance
29923
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
5547
/
onetag-sys.com/usync/ Frame 5AB1 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1637997920063
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame 5B33 		429 B
812 B 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7b729ec3ea0bc142ebe3c5cd09872cb689eb161e64d8adcdf6cf2f03e970c4d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
text/html
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://runwaff.com
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6b499f38d89a6922-FRA
content-encoding
br
quant.js
secure.quantserve.com/ Frame 8EA5 		24 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
etag
"FMCWFRCBdbNj8Eh2c0G78Q=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
expires
Sat, 04 Dec 2021 07:25:20 GMT
px.js
p.cpx.to/p/12762/ Frame 8EA5 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://p.cpx.to/p/12762/px.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.33.224.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-33-224-140.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bed90df04dc55371203229b11e3d9e5eb3f8c5753af82611cd2bfd06bef1495d

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Cache-Control
max-age=2419200, public
Connection
keep-alive
Content-Length
3479
Content-Type
application/javascript; charset=UTF-8
notifyme.js
d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/ Frame 8EA5 		25 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.101.224 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-101-224.fra50.r.cloudfront.net
Software
Apache /
Resource Hash
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 00:18:33 GMT
Via
1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
Last-Modified
Mon, 18 Feb 2019 16:54:28 GMT
Server
Apache
Age
26095
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Connection
keep-alive
X-Amz-Cf-Pop
FRA50-C1
Accept-Ranges
bytes
Content-Length
25704
X-Amz-Cf-Id
5ERIGiwZDiB9n8OFl6TzOW6rHJIe8s8XD7o5AFDJZaFZcQgaMj3Yrg==
186329-261067657875242.js
js-sec.indexww.com/ht/p/ Frame 8EA5 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7e176e51c1dff07522d527754e78745b4fe73db4b875ab85be5ec57e2e35346c

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Last-Modified
Sat, 27 Nov 2021 07:00:31 GMT
Server
Apache
ETag
"90598a-930b-5d1bfc36c36dc"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2367
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
12788
Expires
Sat, 27 Nov 2021 08:04:47 GMT
prebid.js
ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/ Frame 8EA5 		552 KB
166 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
1e1a489be9344fb41ef3a7aa4287f6732ad45ca110a5bc6710a9024ea02c37f9

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
public
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Mon, 22 Nov 2021 17:14:59 GMT
server
nginx
etag
W/"619bd013-8a16c"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=604800
accept-ranges
bytes
expires
Sat, 04 Dec 2021 07:25:20 GMT
1.gif
id5-sync.com/c/12/0/9/ Frame 8EA5
Redirect Chain
  • https://id5-sync.com/i/12/9.gif?gdpr=&gdpr_consent=
  • https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Server
51.195.5.40 , France, ASN16276 (OVH, FR),
Reverse DNS
p17.id5-sync.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:10 GMT
Transfer-Encoding
chunked
Content-Type
image/gif;charset=UTF-8
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
P3P
CP="CAO PSA OUR"

Redirect headers

Location
https://id5-sync.com/c/12/0/9/1.gif?gdpr=1&gdpr_consent=
Date
Sat, 27 Nov 2021 07:25:10 GMT
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
P3P
CP="CAO PSA OUR"
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 42E1 		60 B
268 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
09890daca99ac7e2841f75cb53c5910df0370160b67ebefc699495df6774b0e9

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
cache-control
private
expires
Thu, 24 Feb 2022 23:16:37 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
60
content-type
text/html; charset=UTF-8
sync
gum.criteo.com/ Frame 1B9F 		51 B
366 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=17494273
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:19 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
1618
content-length
169
expires
60
ttj
secure.adnxs.com/ Frame 1B9F 		0
1019 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/ttj?ttjb=1&bdc=1637997919&bdh=tKO_jYpdGG_IBK3zHnABOg_hOcs.&&bdref=https%3A%2F%2Fbuhgalter911.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fbuhgalter911.com%2F,https%3A%2F%2Frunwaff.com%2Fstats%3Fi%3Drf07l732vciakgacx3n4%26a%3D3c0f5400ba98f8cac9b313d902398d0a1%26cb%3D6580791637997919642&&id=17494273
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=17494273
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
15a9ddea-9f75-4edd-a1a8-39639d7509dc
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
integrator.js
adservice.google.nl/adsid/ Frame 7A3F 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=buhgalter911.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 7A3F 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=buhgalter911.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 7A3F 		28 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2746888322727205&correlator=4424628204030842&output=ldjh&impl=fifs&eid=31060979%2C31063810%2C31061030%2C31062931&vrg=2021111601&ptt=17&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=21671350435%3A141806220%2C970x90-buhgalter911.com&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&cookie=ID%3Da3ee430318fc9197%3AT%3D1637997917%3AS%3DALNI_MaQJL4RNQmddoDZ7fhGs9RP4KR16g&cdm=buhgalter911.com&bc=31&abxe=1&lmt=1637997920&dt=1637997920093&dlt=1637997919622&idt=460&ea=0&frm=23&biw=1600&bih=1200&isw=970&ish=90&oid=2&adxs=405&adys=40&adks=2088783226&ucis=rw487hnaws2k&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=2&url=https%3A%2F%2Fbuhgalter911.com%2F&top=https%3A%2F%2Fbuhgalter911.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x90&msz=970x-1&ga_vid=863088088.1637997917&ga_sid=1637997920&ga_hid=38807335&ga_fc=true&fws=256&ohw=0&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
813174c4a405bf6b4a59be30ff0be2a4af80478ba13eee3a541ebe77baf1f1f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11845
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 7A3F 		12 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef519f1596b0ac32e280177a07972896261b0ee30f975c49353641ab29c7d9a4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9389
x-xss-protection
0
container.html
f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2CA7 		6 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 07:25:20 GMT
expires
Sun, 27 Nov 2022 07:25:20 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cdb
bidder.criteo.com/ Frame B579 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=116&profileId=184&cb=92979582417
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:19 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
pubads_impl_2021111601.js
securepubads.g.doubleclick.net/gpt/ Frame 5241 		344 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
sffe /
Resource Hash
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
118471
x-xss-protection
0
last-modified
Tue, 16 Nov 2021 09:34:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 27 Nov 2021 07:25:20 GMT
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame E239 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:20 GMT
impress
exchange.adtrue.com/delivery/ Frame 02A1 		640 B
851 B 		Script
General
Check archive.org
Download Go to
Full URL
https://exchange.adtrue.com/delivery/impress?pzoneid=14780&ref=https%3A%2F%2Fbuhgalter911.com%2F&cb=3264462715&timeZone=0&adWidth=728&adHeight=90&loc=https://buhgalter911.com/
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.211.223.103 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-211-223-103.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
08d781d864042c446c11c1d0d3714595870c891f11c28b87b99164d7e3d0a21f

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx
x-adtrue-instance
java1
content-length
640
content-type
application/javascript
ac
www5.smartadserver.com/ Frame DC1B 		22 B
349 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www5.smartadserver.com/ac?nwid=1743&siteid=328191&pgid=1157723&fmtid=73926&async=1&visit=m&tmstp=1073369301&tag=sas_73926&sh=1200&sw=1600&pgDomain=https%3A%2F%2Fbuhgalter911.com%2F&noadcbk=sas.noad&isLazy=0&isAdRefresh=0
Requested by
Host: ced.sascdn.com
URL: https://ced.sascdn.com/tag/1743/smart.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.140 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
f90127e896d7f8650493b51b64dbb4163a8fb95d908863749c49c87ee61dbd2f

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
5%3b22%3b84
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
transfer-encoding
chunked
content-type
application/javascript; charset=UTF-8
adcfg
ap.lijit.com/ Frame 6F82 		158 B
534 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/adcfg?zoneid=660774&tid=9530218a82cb4818822a77d3956d9ad9a58cefea&mode=1&dmn=buhgalter911.com
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
bba763856e9cd68a4d84522a4a6efbb6c779779c071954d406d21090d1b1e29b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
145
syncframe
gum.criteo.com/ Frame 68E0 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
strict-transport-security
max-age=31536000
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
1913
date
Sat, 27 Nov 2021 07:25:19 GMT
content-length
4683
1460228-55.js
smarttag.rubiconproject.com/a/17210/290974/ Frame 9353 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://smarttag.rubiconproject.com/a/17210/290974/1460228-55.js?&cb=0.46243374647793556&tk_st=1&rf=https%3A//buhgalter911.com/&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_55&rp_secure=1
Requested by
Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/17210.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
d7ea79f7dd4beb251b942a9ba212b900dd297664f686251e9fc764642dc28b3d

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Type
text/javascript
Content-Length
838
Expires
Wed, 17 Sep 1975 21:32:10 GMT
/
ads.projectagoraservices.com/ Frame EAAD 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=98f4e4faa4233f870087ce42c5a513e95&cb=1345621637997919630
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:20 GMT
17210.js
ads.rubiconproject.com/ad/ Frame 9EFF 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.rubiconproject.com/ad/17210.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=ec888e9209980d4eacd18584b9e4ca683&cb=0113061637997919651
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.35.65 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-35-65.deploy.static.akamaitechnologies.com
Software
Apache / PHP/5.3.3
Resource Hash
1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=8701
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
8916
Expires
Sat, 27 Nov 2021 09:50:21 GMT
events
bidder.criteo.com/csm/ Frame B579 		0
184 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:19 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
pixel.gif
static.criteo.net/images/ Frame B579 		43 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=1
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"493ea254-2b"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
43
expires
Tue, 22 Nov 2022 07:25:20 GMT
pixel.gif
static.criteo.net/images/ Frame B579 		43 B
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.criteo.net/images/pixel.gif?ch=2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
last-modified
Tue, 09 Dec 2008 16:52:36 GMT
server
nginx
cross-origin-embedder-policy
require-corp
etag
"493ea254-2b"
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31104000, public
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
43
expires
Tue, 22 Nov 2022 07:25:20 GMT
/
ads.projectagoraservices.com/ Frame F4DB 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: runwaff.com
URL: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=53b2002c59d3e5f630751881f15474be9&cb=2010711637997919628
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:20 GMT
/
ads.projectagoraservices.com/ Frame 75C2 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=69ea1948c62a33cfec0ab584a19243e31&cb=0876431637997919643
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:20 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 7A3F 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 27 Nov 2021 07:25:20 GMT
/
ads.projectagoraservices.com/ Frame 7883 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: runwaff.com
URL: https://runwaff.com/send?i=rf07l732vciakgacx3n4&a=5a53537a17bd44ad82d5176115d03d729&cb=4418541637997919644
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:20 GMT
/
ads.projectagoraservices.com/ Frame EFC1 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=4e0ac44bc5a2e0e5c22c8af2178591cf3&cb=4919941637997919647
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:20 GMT
/
sumo.com/api/load/ 		853 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://sumo.com/api/load/
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
50f3d88597851c499663c1552673d400bf24afc4aaf46586e932926e0d10094e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
vary
Origin, Accept-Encoding
server
nginx/1.18.0
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://buhgalter911.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
853
/
adx.adform.net/adx/ Frame 8290
Redirect Chain
  • https://adx.adform.net/adx/?rp=3&bWlkPTczMzU5OSZybmQ9NXJnNjkxcG41bjNjdzUxZGdkcWc&url=https%3A%2F%2Fbuhgalter911.com&callback=_adform_cb_1637997920292_4277914397642195
  • https://adx.adform.net/adx/?CC=1&rp=3&bWlkPTczMzU5OSZybmQ9NXJnNjkxcG41bjNjdzUxZGdkcWc&url=https%3A%2F%2Fbuhgalter911.com&callback=_adform_cb_1637997920292_4277914397642195
929 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?CC=1&rp=3&bWlkPTczMzU5OSZybmQ9NXJnNjkxcG41bjNjdzUxZGdkcWc&url=https%3A%2F%2Fbuhgalter911.com&callback=_adform_cb_1637997920292_4277914397642195
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8a0a7e4a96032fef0fb0f8df402c1f68d093b00cf72e1aeb282f1b57126a5f42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
875
expires
-1

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx
location
https://adx.adform.net/adx/?CC=1&rp=3&bWlkPTczMzU5OSZybmQ9NXJnNjkxcG41bjNjdzUxZGdkcWc&url=https%3A%2F%2Fbuhgalter911.com&callback=_adform_cb_1637997920292_4277914397642195
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/html; charset=utf-8
expires
-1
rid
match.adsrvr.org/track/ Frame 8EA5 		109 B
541 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=186329
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
dc2d61e74a02e5141a305637fcadc24ab1abf715d634a1bbcb181b37f45fa78f

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://runwaff.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Mon, 27 Dec 2021 07:25:20 GMT
identity
api.rlcdn.com/api/ Frame 8EA5 		44 B
325 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://runwaff.com
access-control-allow-credentials
true
alt-svc
clear
content-length
44
rules-p-6Fv0cGNfc_bw8.js
rules.quantcount.com/ Frame 8EA5 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:8e00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 06:50:10 GMT
content-encoding
gzip
age
2111
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
last-modified
Mon, 19 Mar 2018 22:28:36 GMT
server
AmazonS3
etag
W/"9a93052877e57b42aeefaab6e7ec5f90"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 c6702f5f3b6e77da6f394e67ef1a6aab.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
TWG25mQpNx77mouIK0g0FyIbXodZ_fcRnQFZTvWpifvmpzgeBVqWhA==
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame EAAD 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:20 GMT
localstore.js
script.4dex.io/ Frame 8EA5 		483 B
943 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
770064
x-amz-request-id
tx20fcbba173164c66b29ed-0061961d50
x-amz-id-2
tx20fcbba173164c66b29ed-0061961d50
last-modified
Thu, 18 Nov 2021 09:29:40 GMT
server
cloudflare
etag
W/"922cffdd75f7192f75231d92684885aa"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQR5%2FhN3GGaz%2B6okQqeJfnDkdKZkWI67AAx7cMh5lXwKAAPY0PsJUKiBhvzx3dCluU%2BcRafAfPXhnmK0Gdqyi6uvIwb5X8yeWSNzsiIDuU9%2BjZLePg1JB2qKnbg%2BuzEijGgXPWvoyisQd5Rj"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=1800
x-amz-version-id
1637227780937425
cf-ray
6b499f3a999a1456-FRA
cygnus
htlb.casalemedia.com/ Frame 8EA5 		6 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=436285&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221ff9250d919628%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fbuhgalter911.com%2F%22%2C%22page%22%3A%22https%3A%2F%2Fbuhgalter911.com%2F%22%2C%22name%22%3A%22buhgalter911.com%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A4%2C%22msi%22%3A4%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%225.19.0%22%2C%22userIds%22%3A%5B%22pubcid%22%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%222922ce0911d4f6%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22436285%22%2C%22sid%22%3A%22728x90%22%2C%22fl%22%3A%22x%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22436285%22%2C%22sid%22%3A%22320x50%22%2C%22fl%22%3A%22x%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%2C%22ext%22%3A%7B%22siteID%22%3A%22436285%22%2C%22sid%22%3A%22300x50%22%2C%22fl%22%3A%22x%22%7D%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22436285%22%2C%22sid%22%3A%22320x100%22%2C%22fl%22%3A%22x%22%7D%7D%2C%7B%22w%22%3A300%2C%22h%22%3A100%2C%22ext%22%3A%7B%22siteID%22%3A%22436285%22%2C%22sid%22%3A%22300x100%22%2C%22fl%22%3A%22x%22%7D%7D%5D%7D%2C%22bidfloor%22%3A0.01%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22themoneytizer.com%22%2C%22sid%22%3A%2221982%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-31-84-150.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
dd34214c43af0cda28469cdea1b2261b60822b1dfb8cde7ad909e2a1611c0c58

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
x-ak-initial-geo
CC:[NL], RC:[], CN:[EU], CIP:[109.201.143.63], XFF:[]
server
Apache
content-type
application/json
access-control-allow-origin
https://runwaff.com
x-cs-client-geo
12
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
6376
x-ak-client-geo
12
expires
Sat, 27 Nov 2021 07:25:20 GMT
arj
moneytizer-d.openx.net/w/1.0/ Frame 8EA5 		73 B
163 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://moneytizer-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fbuhgalter911.com%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=9d3c878b-718e-44c4-aa63-f8aed6fb8edf&nocache=1637997920359&pubcid=c64d6732-2c5f-4aa1-bd00-c184da9069b3&schain=1.0%2C1!themoneytizer.com%2C21982%2C1%2C%2C%2C&aus=728x90%2C320x50%2C300x50%2C320x100%2C300x100&divids=26322&aucs=&auid=540933994
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
1f0830adc526d413b6f8c3cff6c2fc0ed15c28f48fbd5913023bda5b4bc165df

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
server
OXGW/16.221.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://runwaff.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT
adjson
ssp.otm-r.com/ Frame 8EA5 		2 B
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.otm-r.com/adjson?tz=0&w=728&h=90&domain=&l=https%3A%2F%2Fbuhgalter911.com%2F&s=2036&cur=RUB&bidid=61a6c9b4cece2f&transactionid=9d3c878b-718e-44c4-aa63-f8aed6fb8edf&auctionid=3be91c70-0bd8-4c6b-aca2-60ba96d13769&bidfloor=0
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.65.66 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.66.65.201.138.clients.your-server.de
Software
nginx/1.19.7 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx/1.19.7
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
2
expires
0
adjson
ssp.otm-r.com/ Frame 8EA5 		2 B
296 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.otm-r.com/adjson?tz=0&w=320&h=50&domain=&l=https%3A%2F%2Fbuhgalter911.com%2F&s=2036&cur=RUB&bidid=61a6c9b4cece2f&transactionid=9d3c878b-718e-44c4-aa63-f8aed6fb8edf&auctionid=3be91c70-0bd8-4c6b-aca2-60ba96d13769&bidfloor=0
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.65.66 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.66.65.201.138.clients.your-server.de
Software
nginx/1.19.7 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx/1.19.7
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
2
expires
0
adjson
ssp.otm-r.com/ Frame 8EA5 		2 B
297 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.otm-r.com/adjson?tz=0&w=300&h=50&domain=&l=https%3A%2F%2Fbuhgalter911.com%2F&s=2036&cur=RUB&bidid=61a6c9b4cece2f&transactionid=9d3c878b-718e-44c4-aa63-f8aed6fb8edf&auctionid=3be91c70-0bd8-4c6b-aca2-60ba96d13769&bidfloor=0
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.65.66 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.66.65.201.138.clients.your-server.de
Software
nginx/1.19.7 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx/1.19.7
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
2
expires
0
adjson
ssp.otm-r.com/ Frame 8EA5 		2 B
297 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.otm-r.com/adjson?tz=0&w=320&h=100&domain=&l=https%3A%2F%2Fbuhgalter911.com%2F&s=2036&cur=RUB&bidid=61a6c9b4cece2f&transactionid=9d3c878b-718e-44c4-aa63-f8aed6fb8edf&auctionid=3be91c70-0bd8-4c6b-aca2-60ba96d13769&bidfloor=0
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.65.66 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.66.65.201.138.clients.your-server.de
Software
nginx/1.19.7 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx/1.19.7
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
2
expires
0
adjson
ssp.otm-r.com/ Frame 8EA5 		2 B
296 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ssp.otm-r.com/adjson?tz=0&w=300&h=100&domain=&l=https%3A%2F%2Fbuhgalter911.com%2F&s=2036&cur=RUB&bidid=61a6c9b4cece2f&transactionid=9d3c878b-718e-44c4-aa63-f8aed6fb8edf&auctionid=3be91c70-0bd8-4c6b-aca2-60ba96d13769&bidfloor=0
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
138.201.65.66 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.66.65.201.138.clients.your-server.de
Software
nginx/1.19.7 /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx/1.19.7
vary
Origin
content-type
application/javascript
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
2
expires
0
prebid
ib.adnxs.com/ut/v3/ Frame 8EA5 		50 B
881 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
396520e4-a47a-455e-8508-aac8d67efead
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
50
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
moneybid.js
ads.themoneytizer.com/bidder1/ Frame 8EA5 		624 B
634 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.themoneytizer.com/bidder1/moneybid.js?siteid=49798&adid=1&formatid=26322&size=desktop
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.241.23 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
8887f8505f7f4d3e6d0d0aad1ded9585f1c752423a1c9074b7bc8baa67d44cab

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
x-cache
HIT
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
expires
Sat, 04 Dec 2021 07:25:20 GMT
prebid
mp.4dex.io/ Frame 8EA5 		120 B
526 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0351bb28a4d725699f66cdac44182c3712aed490ffbc15b68c8924eb7c56fb1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://runwaff.com
expires
0
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
strict-transport-security
max-age=63072000
cf-ray
6b499f3aac0a1f45-FRA
x-err
Validating the Prebid Request adunits. Sampled or No valid non-debug AdUnits
cdb
bidder.criteo.com/ Frame 8EA5 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=5.19.0&cb=65511801305
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:19 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
ROS
pbjs.e-planning.net/pbjs/1/2a156/1/buhgalter911.com/ Frame 8EA5 		427 B
746 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pbjs.e-planning.net/pbjs/1/2a156/1/buhgalter911.com/ROS?rnd=0.11286936862179031&e=26322%3A320x50%2C300x50%2C728x90%2C320x100%2C300x100&ur=https%3A%2F%2Fbuhgalter911.com%2F&pbv=5.19.0&ncb=1&vs=F&crs=UTF-8&fr=https%3A%2F%2Fbuhgalter911.com%2F&e_pubcid=f41ebb36-ced0-48f3-b21d-d95649a666ed
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.246 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
d525df3328bd087b7ffe17507933ceddd5664b2e33909c9c363261c9c2bdb01a

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
server
openresty
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin
https://runwaff.com
expires
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
427
x-sid
AMS-605
hb
ice.360yield.com/ Frame 8EA5 		99 B
512 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ice.360yield.com/hb?jsonp=%7B%22bid_request%22%3A%7B%22secure%22%3A1%2C%22id%22%3A%2227db84aaa671ea7%22%2C%22version%22%3A%227.4.0-JS-6.4.0%22%2C%22referrer%22%3A%22https%3A%2F%2Fbuhgalter911.com%2F%22%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22themoneytizer.com%22%2C%22sid%22%3A%2221982%22%2C%22hp%22%3A1%7D%5D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22f41ebb36-ced0-48f3-b21d-d95649a666ed%22%2C%22atype%22%3A1%7D%5D%7D%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2218936c19b202a6c%22%2C%22pid%22%3A%2222168195%22%2C%22tid%22%3A%229d3c878b-718e-44c4-aa63-f8aed6fb8edf%22%2C%22banner%22%3A%7B%22format%22%3A%5B%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%7B%22w%22%3A320%2C%22h%22%3A50%7D%2C%7B%22w%22%3A300%2C%22h%22%3A50%7D%2C%7B%22w%22%3A320%2C%22h%22%3A100%7D%2C%7B%22w%22%3A300%2C%22h%22%3A100%7D%5D%7D%7D%5D%7D%7D
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.80.191.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-99-80-191-196.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
86df79a7e63417bc744f4d04562e942f26620589d098e90cd6a00ed4df31c3cc

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
99
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
prebid-request
onetag-sys.com/ Frame 8EA5 		15 B
358 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin
https://runwaff.com
cache-control
no-transform, no-cache
access-control-allow-credentials
true
content-type
application/json
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame 8EA5 		13 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=11740&site_id=39550&zone_id=1078234&size_id=2&alt_size_ids=19%2C43%2C44%2C117&p_pos=atf&rp_schain=1.0,1!themoneytizer.com,21982,1,,,&eid_pubcid.org=f41ebb36-ced0-48f3-b21d-d95649a666ed%5E1&rf=https%3A%2F%2Fbuhgalter911.com&kw=49798&tg_i.name=buhgalter911.com&tg_i.siteid=49798&tk_flint=pbjs_lite_v5.19.0&x_source.tid=9d3c878b-718e-44c4-aa63-f8aed6fb8edf&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&rp_maxbids=1&slots=1&rand=0.16218565711435096
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
3439354c938f62214ecc9a39e0152c039dd5f4c6b875c2a0b19e17639fdb4164

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
7110
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 8EA5 		14 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0e77b06cae845567053bea2ea2b7634e71963370e008899760dddea795ee7e8c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
193ba5db-89ef-468d-a8bc-0bd6301c5953
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
adjson
ads.betweendigital.com/ Frame 8EA5 		2 B
301 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.betweendigital.com/adjson?t=prebid
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.111.200.117 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-encoding
gzip
vary
Accept-Encoding
content-type
application/json
integrator.js
adservice.google.nl/adsid/ Frame 5241 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.nl/adsid/integrator.js?domain=runwaff.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ Frame 5241 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=runwaff.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/ Frame 5241 		0
23 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3341503723144202&correlator=1765210338649817&output=ldjh&impl=fif&eid=31063811%2C31063813%2C31061166%2C31063182&vrg=2021111601&ptt=17&gdpr_consent=tcunavailable&tcfe=3&sc=1&sfv=1-0-38&ecs=20211127&iu_parts=141806220%2C970x90_911_passback&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&cdm=runwaff.com&bc=31&abxe=1&lmt=1637997920&dt=1637997920388&dlt=1637997919862&idt=513&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=970&ish=90&oid=2&adxs=0&adys=0&adks=85156198&ucis=2r5n01sjrtmo&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Frunwaff.com%2Fsend%3Fi%3Drf07l732vciakgacx3n4%26a%3Df5e96ef64602be065840c9b0c393d0799%26cb%3D0266181637997919652&ref=https%3A%2F%2Fbuhgalter911.com%2F&top=https%3A%2F%2Fbuhgalter911.com%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=970x90&msz=970x0&ga_vid=590592450.1637997920&ga_sid=1637997920&ga_hid=2045244329&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-creative-id
-2
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
8c84d2f690d45933efdd30d66e71fa97.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 95BE 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://8c84d2f690d45933efdd30d66e71fa97.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 07:25:20 GMT
expires
Sun, 27 Nov 2022 07:25:20 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
addelivery
ap.lijit.com/ Frame 6F82 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/addelivery?zoneid=660774&tid=a_660774_f84c9d8fad1d4a18923802ba9b6ff797&cb=undefined&mode=1&ifr=true&od=buhgalter911.com&time=07%3A25%3A20&fd=1&be=cr&loc=https%3A%2F%2Fbuhgalter911.com%2F&orig_loc=https%3A%2F%2Fbuhgalter911.com%2F&abf=true&dpz=false&cv=undefined&dop=0&ndw=1&spif=true&btid=a_660774_f84c9d8fad1d4a18923802ba9b6ff797
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
13ddea47b8f9779ed3837a2f3f5e7a92a86f6435e4272403bbf760f869a7a849

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
804
1460228-2.js
smarttag.rubiconproject.com/a/17210/290974/ Frame 9EFF 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://smarttag.rubiconproject.com/a/17210/290974/1460228-2.js?&cb=0.41829812491313123&tk_st=1&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_2&rp_secure=1
Requested by
Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/17210.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
ef9a09a8d906d4a382b0ac6d8d13233b9f13c4dbc71daecbc3ee2ef93e8ea5e5

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Type
text/javascript
Content-Length
832
Expires
Wed, 17 Sep 1975 21:32:10 GMT
mw
mwzeom.zeotap.com/ Frame 5B33
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESEBO3dBQUstarXGnpiu5X_5c&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04...
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESEBO3dBQUstarXGnpiu5X_5c&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&zdid=1258
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6b499f3b7e4e6922-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESEBO3dBQUstarXGnpiu5X_5c&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&zdid=1258
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
450
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cmp.min.js
spl.zeotap.com/ Frame 5B33 		541 B
499 B 		Script
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&zdid=1258
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691ec3b2f88d43a6192f5bacfcdb304666be09343eac58c59b1e3f8ae650ae13

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cf-ray
6b499f3a9c3a6922-FRA
date
Sat, 27 Nov 2021 07:25:20 GMT
via
1.1 google
cf-cache-status
MISS
last-modified
Sat, 27 Nov 2021 07:25:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame F4DB 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:20 GMT
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame 75C2 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:20 GMT
showad.js
ads.pubmatic.com/AdServer/js/ Frame 0DED 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

last-modified
Tue, 19 Oct 2021 10:00:01 GMT
etag
"1302647-96ae-5ceb1b98ba7c4"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13882
content-type
text/html; charset=UTF-8
cache-control
public, max-age=77466
expires
Sun, 28 Nov 2021 04:56:26 GMT
date
Sat, 27 Nov 2021 07:25:20 GMT
vary
Accept-Encoding
showad.js
ads.pubmatic.com/AdServer/js/ Frame 4FD9 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

last-modified
Tue, 19 Oct 2021 10:00:01 GMT
etag
"1302647-96ae-5ceb1b98ba7c4"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13882
content-type
text/html; charset=UTF-8
cache-control
public, max-age=77466
expires
Sun, 28 Nov 2021 04:56:26 GMT
date
Sat, 27 Nov 2021 07:25:20 GMT
vary
Accept-Encoding
AdServerServlet
sshowads.pubmatic.com/AdServer/ Frame 42E1 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sshowads.pubmatic.com/AdServer/AdServerServlet?pubId=156383&siteId=631466&adId=2458268&kadwidth=970&kadheight=90&SAVersion=2&js=1&kdntuid=1&pageURL=https%3A%2F%2Fbuhgalter911.com%2F&inIframe=1&kadpageurl=buhgalter911.com&schain=1.0%2C1!adpone.com%2Cfc45e59d434ebbb738c3&operId=3&sec=1&kltstamp=2021-11-27%207%3A25%3A20&timezone=0&screenResolution=1600x1200&ranreq=0.6620496830747034&pmUniAdId=0&adVisibility=0&adPosition=-1x-1&pm_uid_bc=D64B5724-3FF3-4FB5-B55C-ECD8BF3153E0&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.75 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
8e5e9a0751b18384e0e3de2ebf4f57a8572d7d4fd25b43f74352a6e7d59c9127

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame 7883 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:20 GMT
container.html
f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8FAE 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Sat, 27 Nov 2021 07:25:20 GMT
expires
Sun, 27 Nov 2022 07:25:20 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, immutable, max-age=31536000
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.0.0/ Frame 8EA5 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
Requested by
Host: d2zur9cc2gf1tx.cloudfront.net
URL: https://d2zur9cc2gf1tx.cloudfront.net/a96081b6-db78-48c4-9f82-b93e316fb1f7/notifyme.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 04:39:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
96363
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30186
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Sat, 26 Nov 2022 04:39:17 GMT
fire.js
s.cpx.to/ Frame 8EA5 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.cpx.to/fire.js?pid=12762&ref=https%3A%2F%2Fbuhgalter911.com%2F&hn_ver=20&fid=face160a-a46e-4d75-a385-19d08b0d37e2&dsp=pub_common&dsp_uid=c64d6732-2c5f-4aa1-bd00-c184da9069b3
Requested by
Host: p.cpx.to
URL: https://p.cpx.to/p/12762/px.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.243.225.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
fc6a34829afafad6cee5c547107143e0ef6a08b84cc66a75a914e4bdb627bec2
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Content-Length
1066
Expires
Mon, 15 Nov 2021 11:32:34 UTC
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame EFC1 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:20 GMT
sid
mug.criteo.com/ Frame 68E0
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=runwaff.com&sn=ChromeSyncframe&so=0&topUrl=buhgalter911.com&lsw=1
  • https://mug.criteo.com/sid?cpp=HWfchnw2bnpsejVmWFFVZDUzTzE5WEZjak1hTGE1UEd2a3JIdHphbHFBM3Z0R216N25xQ3JNanc1NHpkQi9aemMxZXR2T0ZMbm9jRUtHdWlzKzVBbXV3ZUNjQnkwTmZ2L0xBZmRzMGVkckp6SzhGTXB4SlFvL3J3VkdNTk...
433 B
627 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=HWfchnw2bnpsejVmWFFVZDUzTzE5WEZjak1hTGE1UEd2a3JIdHphbHFBM3Z0R216N25xQ3JNanc1NHpkQi9aemMxZXR2T0ZMbm9jRUtHdWlzKzVBbXV3ZUNjQnkwTmZ2L0xBZmRzMGVkckp6SzhGTXB4SlFvL3J3VkdNTkROdzVlOHR2RGNCRGU3eld4L0Y2UXFlcHg3S3Z0UExnYlhGU0JqelNZd01ic3dmbFM0ZFhMbzRCNGVHb0M0NWxVeVpRblhWZmxrT0wzYjRkN3VlRFFXcEUwT2FvVUUwU0MwM0hBMWgvM1k5amh6RWx3enB4dWVSS25pem1HR01qeUZqQXZLM0hDZXY0aG1EQ1pWYUhENmJxTmYvSmxCQW1PSTYvTHpYTDd2MDkvMUoxdjBsZz18&cppv=2
Requested by
Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
5ac6d10c50a718205d0a6a9c86e7b0e6fe26a4f4f41ed83cc4f8c47ccfb531a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:19 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2871
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=HWfchnw2bnpsejVmWFFVZDUzTzE5WEZjak1hTGE1UEd2a3JIdHphbHFBM3Z0R216N25xQ3JNanc1NHpkQi9aemMxZXR2T0ZMbm9jRUtHdWlzKzVBbXV3ZUNjQnkwTmZ2L0xBZmRzMGVkckp6SzhGTXB4SlFvL3J3VkdNTkROdzVlOHR2RGNCRGU3eld4L0Y2UXFlcHg3S3Z0UExnYlhGU0JqelNZd01ic3dmbFM0ZFhMbzRCNGVHb0M0NWxVeVpRblhWZmxrT0wzYjRkN3VlRFFXcEUwT2FvVUUwU0MwM0hBMWgvM1k5amh6RWx3enB4dWVSS25pem1HR01qeUZqQXZLM0hDZXY0aG1EQ1pWYUhENmJxTmYvSmxCQW1PSTYvTHpYTDd2MDkvMUoxdjBsZz18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1869
content-length
567
expires
0
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame E239 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:20 GMT
/
ads.projectagoraservices.com/ Frame 9353 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: smarttag.rubiconproject.com
URL: https://smarttag.rubiconproject.com/a/17210/290974/1460228-55.js?&cb=0.46243374647793556&tk_st=1&rf=https%3A//buhgalter911.com/&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_55&rp_secure=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:20 GMT
8a1bbe58-394b-4b2f-893a-4f31f56c5cb4
beacon-ams3.rubiconproject.com/beacon/d/ Frame 9353 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-ams3.rubiconproject.com/beacon/d/8a1bbe58-394b-4b2f-893a-4f31f56c5cb4?oo=0&accountId=17210&siteId=290974&zoneId=1460228&sizeId=55&e=6A1E40E384DA563B3E3F884601FF575D677673B86BFC3A1C4E5E2F09F7ABBB1B6B9036D195236F7E93AEAB5484AF1CB1FE5D718BBE08EF1CF3715DC7276050201C33EC3167123979536EA199911386B664F8EA6123DAAC47EF9299DF631C890D95A66CCB9FFD0F30C158F6A742401DFC109478760DFABCFE32997889F1DA11D8
Requested by
Host: runwaff.com
URL: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::77 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/avif
Cache-Control
private, max-age=0, no-cache
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
01 Jan 1970 10:00:00 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 0E68 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 26 Nov 2021 22:14:12 GMT
expires
Sat, 26 Nov 2022 22:14:12 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
33068
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 97CA 		783 B
536 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ceca6a8acc9e1eb6c9720b0ec03fe602bedfeeb7fed332cdd4c3c2252b4274a3
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7Epzcoy0kz/Kf2B92N36zQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 27 Nov 2021 07:25:20 GMT
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-7Epzcoy0kz/Kf2B92N36zQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
514
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame EAAD 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:20 GMT
cmp
spl.zeotap.com/ Frame 5B33 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&zdid=1258&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&id_mid_4=9352192c-dbb0-41e0-68d0-3a2acb082349&reqId=065208a3-831a-4820-42e1-f04c57a77f38&uc=2&zdid=1258
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://spl.zeotap.com/?env=mWeb&uc=2&zdid=1258&eventType=map

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6b499f3b6e1f6922-FRA
headerstats
as-sec.casalemedia.com/ Frame 8EA5 		0
424 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/headerstats?s=415712&u=https%3A%2F%2Fbuhgalter911.com%2F&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186329-261067657875242.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-AK-INITIAL-GEO
CC:[NL], RC:[], CN:[EU], CIP:[109.201.143.63], XFF:[]
Server
Apache
Access-Control-Allow-Origin
https://runwaff.com
X-CS-CLIENT-GEO
12
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
X-AK-CLIENT-GEO
12
Expires
Sat, 27 Nov 2021 07:25:20 GMT
/
ads.projectagoraservices.com/ Frame 9EFF 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5754&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: smarttag.rubiconproject.com
URL: https://smarttag.rubiconproject.com/a/17210/290974/1460228-2.js?&cb=0.41829812491313123&tk_st=1&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_2&rp_secure=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
cea20bf889f139baf9c5fe8cc267ed2a210950113b7f5a422949fa4b0f662daf

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1094
expires
Sat, 27 Nov 2021 07:25:20 GMT
4274a7b5-ef60-4908-aab5-c5566c707c82
beacon-ams3.rubiconproject.com/beacon/d/ Frame 9EFF 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-ams3.rubiconproject.com/beacon/d/4274a7b5-ef60-4908-aab5-c5566c707c82?oo=0&accountId=17210&siteId=290974&zoneId=1460228&sizeId=2&e=6A1E40E384DA563B39AAEC891E5318FD7384CD0A15EEF89AAE7134A3121F045E8052B3803FDE72EB57DEE6A045EC74A3FE5D718BBE08EF1CBEC50EACE289A534B39FB19D0B59842193D6B51B7FA0AE1463AF685AF18256F3705059EF4D5C2D87D36E70E082DA4FC5E05D5E1F62C9C736E1501A5C29ACF5C995BCEA9A1A431B34
Requested by
Host: runwaff.com
URL: https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=ec888e9209980d4eacd18584b9e4ca683&cb=0113061637997919651
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::77 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/avif
Cache-Control
private, max-age=0, no-cache
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
01 Jan 1970 10:00:00 GMT
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame F4DB 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:20 GMT
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame 75C2 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:20 GMT
adagio.js
script.4dex.io/ Frame 8EA5 		71 KB
22 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4bf1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8854752a74f17180183321d2dba6179fda1d37cd626d436d2236dfb797e57fb8

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
770033
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-request-id
txdaf6cb9916904db387282-0061961d6c
x-amz-id-2
txdaf6cb9916904db387282-0061961d6c
last-modified
Thu, 18 Nov 2021 09:29:40 GMT
server
cloudflare
etag
W/"ade00d0c7876260b60ee0cd4912d02bc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=enT%2FgQZgNRYFIVahmc%2BLqwPNtB%2Fm3W%2ByCLk%2FGk%2B9ao2v3FP1YskNyjGJsVHz1jdTStigYJU%2FWynxDmunPlKWwOkOHqe1euSiV%2FWcnKAFy5gc6cMzIKu59zod2Xh6AKgaiAN9FPR4I5w7FnOc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1800
access-control-allow-credentials
true
x-amz-version-id
1637227779984125
cf-ray
6b499f3bed974e0e-FRA
access-control-allow-headers
Authorization
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame 7883 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:20 GMT
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame 9353 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:20 GMT
usync.html
eus.rubiconproject.com/ Frame 0FB3 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Requested by
Host: runwaff.com
URL: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Nov 2021 07:25:20 GMT
Connection
keep-alive
Vary
Accept-Encoding
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame EFC1 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:20 GMT
pixel;r=268494513;labels=Categories.personal-finance;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Frunwaff.com%2Fusync%3Fi%3Drf07l732vciakgacx3n4%26a%3D91081f4b53a95ab308c198cbb582b1f29%26cb%3D789928163...
pixel.quantserve.com/ Frame 8EA5 		35 B
371 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=268494513;labels=Categories.personal-finance;rf=0;a=p-6Fv0cGNfc_bw8;url=https%3A%2F%2Frunwaff.com%2Fusync%3Fi%3Drf07l732vciakgacx3n4%26a%3D91081f4b53a95ab308c198cbb582b1f29%26cb%3D7899281637997919631;ref=https%3A%2F%2Fbuhgalter911.com%2F;uht=2;fpan=1;fpa=P0-662696065-1637997920585;pbc=;ns=1;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;d=runwaff.com;je=0;sr=1600x1200x24;dst=0;et=1637997920585;tzo=0;ogl=
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame 0DED 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=30028571&p=156383&s=631466&a=2458268&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
8ec1d91715b229d6b5e17f556933cfe0c8b5b99383607bfce6d6ae0b29e27026

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
17210.js
ads.rubiconproject.com/ad/ Frame 6F82 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.rubiconproject.com/ad/17210.js
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.35.65 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-35-65.deploy.static.akamaitechnologies.com
Software
Apache / PHP/5.3.3
Resource Hash
1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=8701
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
8916
Expires
Sat, 27 Nov 2021 09:50:21 GMT
t.dhj
pxdrop.lijit.com/1/d/ Frame 6F82 		0
225 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pxdrop.lijit.com/1/d/t.dhj?dmn=buhgalter911.com&pn=%2F&pubid=AdPone1&v0=257429
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.227 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-227.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Expires
Sat, 27 Nov 2021 07:25:20 GMT
beacon
gslbeacon.lijit.com/ Frame DA18 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://gslbeacon.lijit.com/beacon?viewId=a_660774_f84c9d8fad1d4a18923802ba9b6ff797&rand=8888&informer=13406526&type=fpads&loc=https%3A%2F%2Fbuhgalter911.com%2F&v=1.2
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
nginx / raptor
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Server
nginx
Date
Sat, 27 Nov 2021 07:25:20 GMT
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma
no-cache
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
X-Powered-By
raptor
X-Sovrn-Pod
ad_ap2ams1
containertag
ap.lijit.com/ Frame 6F82 		34 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/containertag?containerId=18&zoneId=660774&v=2
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
f4203aef3c4b3f3640398647ff0c47cabef29b71915f11e70b5ee0630b8b48ab

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
raptor
Vary
Accept-Encoding
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Transfer-Encoding
chunked
X-Sovrn-Pod
ad_ap5ams1
Content-Type
application/json
Expires
Fri, 20 Mar 2009 00:00:00 GMT
impression
vap5ams1.lijit.com/addelivery/ Frame 6F82 		43 B
552 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vap5ams1.lijit.com/addelivery/impression?i_data=lIAdtMM0H-RZV7VGWzKUTLMaLGeZUHAjK9GUOmGJIS7Y0pxSnijEvQfCUzOKfNEe2gjT_IuIK2hboL8AphLdHfaDBhJSv7zWxYrzR-ocPpqkPVc-D4J-PziXuOZFsGmxh9B4c8kj4aD1t__w6Nw9MGdSPXfFn4vA7weCLAYKXMQI1waif9-7ThVswSNziSDmBM2yMCTS6S_vhJ2qPRPJNTzmmXofhmN2Zzz9VPnjTN-PotfGX7DR_laFUQa7l7TdgLPgAui2Ic3k5E7IQ-wzMICuMMY4DkCMNRF_FxwFqvfZlhveGEMxfH744Q3u9K0WBq8~&bannerid=221090&campaignid=232&endpoint=WATERFALL&zoneid=660774&tid=a_660774_f84c9d8fad1d4a18923802ba9b6ff797
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=45f743aa437f6100320c20fa469f3dc93&cb=6458491637997919633
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
P3P
CP="CUR ADM OUR NOR STA NID"
Access-Control-Allow-Origin
*
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Content-Type
image/gif
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
fp
vap5ams1.lijit.com/data/ Frame 6F82 		43 B
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://vap5ams1.lijit.com/data/fp?tid=a_660774_f84c9d8fad1d4a18923802ba9b6ff797&zoneid=660774&starttime=1637997920147&adcfg=2&adcfg_response=251&addelivery=254&addelivery_response=472&lgfired=474&beacon=479&container=480&EOL=480&ctstart=0&elapsed_ms=480
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=45f743aa437f6100320c20fa469f3dc93&cb=6458491637997919633
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx
X-Sovrn-Pod
ad_ap5ams1
X-Powered-By
raptor
Content-Length
43
Content-Type
image/gif
pixel
googleads.g.doubleclick.net/xbbe/ Frame 86F7 		624 B
297 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuZoQEQyKWvAhj3mdC7ATAB&v=APEucNUzMXDTmysIY-cygEGRp14lYqgFXudgzlCLpF9smVdmPKjLJZpduwHYFM9vIauOr87JFiOMBfFIILiimMB1Jcpp5JRKG1RV0XeQVqALatLTrKWxbU8GDDImd8OQbCvp2kXU-WWZ6D0djtjRE3Yxf4YtGjv_D9M67-1cCST0z1rp6BRatTE
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:20 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame C27B 		13 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BZexcGYXonaAPfBz--v8YH5MgncV8HJT7B7K5MT2DA1-m81SG6jWP0B-HGQHJIj-JU2UKatc4BZtyiqFaNu4IVzg190_kEb6ufDIEvBgF7K4ktCm6pclttXMQnipdmgOA9N3TKRh8s674OzKMgeWUtzwdfqA&dbm_d=AKAmf-AZpsAiEzvF1E2KtFoviyr33U4SeGdFCkpWAWar6yzvyM5PqYmv5QqtF18oCXXL2nJuxVToFpe9NNVCw6eq__kAOVBeVsDnAGuQYQCzFnrJhmYd6R_y3eSvLPk3hjVpqDDe1lCP_9OghrEyL3crSY7S7Z2kGZCUNhyzMKwDPkz_vJd_e9mr61okxGc9QFFUTOS3rGMrURfgdEKEVegeKol-8rMcuHKZb08dY56t5fgJeQNrnVzVR29rmop6VxsL7kJ94HnLcnG9ByDfxGq3zpMxU0DDOxus7ZcjXMYzTm3bokco-qqx0MolaABI8ZEdQImUdhJJ0pbXRV2zyycraYqIuuSyGIsHfHJ-wg8-pAStE16GdMAwlevkAzpJx2dt77oMIxwJJOuq6-Bai0acvMPVDIcck-i_LnGGq_w6IbduFuoHuBmFIU-OvdQ2ngItoiEYppU0thK4PM53SGfav_9J0HgRfVHm1qVf5SIr2cmdPHbG5Ph4XUbuyKQy9VSNLRPxltEUFUqvrtnbhIxGDaymU-lFXlJjIj8q8Ygd690bdwnuesgukgy7QYX_QwgkOgaNqT3_UsvJtRUFBP29pfCHmeOfiwbPXe6q0LHrNFdk8TEuWe5NAJIbclRTxhDZznav2EF5dtwYaYe_gQJbbKjW-_UpLItjCd49WzSxjmIX08ipkKbWeCqZWpcth6MyizVfIflqXMjoMnqY0GBjXiGVPJekwyKHDUuOVUSUQPYbKMHCrulB41PN6VbNF3EBdmV3zWuY8xRmlyIdX0Zj0cHOuYM77V5eyzDWsPDTWOsfxtlSmP8eK4IEOul8dT2zf48pc0Af_qGSO2XvMv8o0uUAESkxOIHz_UBchY0dbxKh4SBD3eeRRCd5yBisVCEqaZISqBW_cfZSC2QTHAQ2wrLyBxwFG1TBuytzjaYwmGN2pDILeuAAoW89714mSJnPnOUAbtVRCJDFP0XBsdUqNNlvyx9J4ze9JiUV2cHnTKzIYZaJX39HoCtmCDWRNyW_9jH-RumIvgM66UnHpVdAjiXS_vb3xJZi1yZ0iSRfSZLKz3xSMFaE5vr8DmyxDaaW64uWGkPhapdD7hlS-OG-1btvLIzauLK_tEmoz5P104Qay2h_FSLYRQb6Bdm0VR1Ip0BxAA0njIFr5Zul5VL2XfG_Y-hrcDX2Qk1NBduPVD7lpd44c3Ns7nFGb00u3K9s629AkoDkaW38rdKn9ffzWQCHqKKcwIkKI6l7olRJJKVexZPbJwGTxjPd2Q_O5CyHsfqabzM19WyGmoGqv1dxKim4tuRtKP_RgcDkOIL1zSDG0gMKBJD3RqoI5mX0HqiDylspBFqxGhRkBWCH2xuO1Bjs6m79WMvHFT5hyStrqoKym6feD6sDAgVdc7rLg4t6zU_Fct0rLZzEhKwcq5gtAiESJ0SQl1fp5LlMGe8KJpCnlOp74qfReHZ7IZDywatbRSOdoqlGy002IpfKUrQFbJUm-_6NDjQjzHnL4juTbacSk3X8cAdTesid_4EIzR-FLpzS7lIi9FvYs12QEiveQHS46Z_5lFYDNdt2IPvb1J1AKrOFqR39S0NniKZDKlsxY897mIg0jDieUBv2Y_lBpHzN3z7OuGNCrWCLkCoxleFj9DDJo9-iSceGe1W3P5ryGfL0TY2YGXXkUdSf3LycsxLEzOpONV90Zw3go7GRu7_1Y9skGkXo2QoDN1LxBMPAcx-yMnt4bxp4LXAdVx56RXGRCp5luiAQJd-Dy_XMs82CjEF-uAxABMJOtB8q5xcNbu6gICh7VmI5fH8RQPJTGQPhpjdSDM__ldxZA0lDsXZ59DA1jPvYGIwcLh4Kf4upSh6W-UO5gPYlxW7dwJfZWAYElDmlDU-jwDSWymnaEsCNhgMkmImLkQ70mSnLQ2ynrzIEb7NlH_3UYB0XXucibSQRyvBPhRQ7FtjGF-o7NZQ6aJHXKvSqrlmLFMpYtnu72lryoxGLXIFzXafKZSjN5nXEmZnGoglTmwj4LIoPJBRghONXoiktF5ErMaGuW9aW3d_ZdNpLBkm1915X_79zQe-j5djA2t5BEyrb_WuLSUY43LcvajYHat4TKNVwRh07jM8eFaNIpNK4wreOV3obGiyBFeY97q6jyTiN1R27UKteMHnpLD_xuXYXIul-5u2Jd7qRghQbMy6QaIE6SbtaTNrrbB35sT1kQkTg8oab0_5349yJpBKyi9KZG9SZCOtICqBBUabV3H5tPDb-rj22krnkD77_le6aPYOp26ALMKJPrePfp2u6vKkTNsJC4Tr1JbDL162jZpArC4gpcvTp_Mvf073COcMbzbzROPpdR8TdS3ZKjXOC1naIR14gduw0FTXPyOEIS1ugqebTshT_TboPTATTwbwUR-YdYjSWCMsi2eyX3gleHGJHwvI_Lb8k8Y2fje9xgW8vY9aQrRMkPNB0tkzDn9NHJRX9gOvf5JgZU7GRW6w1E6jsRhDNQHzsvUPHtGlHia7MZkPESHM9aZ-I4TVuIoX-Nx2zE6KC9ivTKo9E09y3Ax__sk-4xCjb4kERtM-Lsm_bQrl9dEQ6rIzerT7s7YGLy9N2dJ7ROgPOVTTZraG7No5tk6rrTL8brcjjaJNe9tLQCqevGvbFLacwSD63ViaBnNSlmtYWdTHdr31yLaUQDw84nyEf5yaA31iq1RBsLsvtfUsrg95TLeL3K_I0SZzycbOW7Moymr_MrZCywas&cid=CAASEuRoBNblnOiFnE199aJ4zOpePw&rfl=4%2Chttps%253A%252F%252Fbuhgalter911.com%242%2C%2Chttps%253A%252F%252Fbuhgalter911.com%252F%240
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
73eb2099bf64ea4cca61265b7264166e2df4d2888def9a5ddc3e223aedcd8213
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9694
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adj
fw.adsafeprotected.com/rjss/bgd/867523/58678884/xbbe/creative/ Frame C27B 		236 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fw.adsafeprotected.com/rjss/bgd/867523/58678884/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohOR8F5K7gsfCEt2oal6h3CvxzoJ07WKCEd5bhFMd1iTbZpsAf8GmeoU8U1zr7_cY3vG6VTgDFSBB6udZad6ba76fFGtUzfdPBkR0wNEvkSAKAmf-D8RTfCHlJUkSV4brvElraw5_m-njw9UcmBZkW6vEvQSUz6Ta8OqEO-YYNIdfeRzsPx-i0A6BiitJBpwqFGDei_cn_OrjiLN4EIcAmtvv6t09w4HBGgB4opKRu3MhNC0DFuk07luKZrblUG_VE8NzDI8hSQmgnCH4Fjh2Yc9DKGIEP10Tqr44McGgMIYrVPAepcA24g7Ao8gLjwJbs5Rv5VK_Vw3dnvlnTSzuSvI8JWCVpb2ICJgmG2mKCeNm8H8hVN9GvfcC329lBB_tTGWNYFHd5_jkyIiKMRjm_cX2MM3XOdi5VUgpDRlz5DPpv8WKH3GlW5izjKck2gEn9bZbl80tAxutLxUxVd1NDg0FThLKVm4ZtWBUaS3LNbuBm33rfnHZwXfSLvto2dMzB54dgcA_AB-TEVoJhh6z4dp28PFo0OsNPK7dgt84R17TdfkyX8C2Cq3VmAKx90wWlcrQGMqNVkQSLhTJ6VOqyOMq0nJQXpaZ2cYOvp6iJraadLYaMe3fGToQrjHCGIglBhvy48fkIgZoSiSGgoKY52ekA8oBMbvdfogSO8GoGEju4wsBPHA20O6WXeYRAhbRY8YUn6vr9SmzZjckemkK-rRsk-gYS70QtrikU9VE3_BRMYEyB4krdkVpIjXmNkdupn03yC6eHJQjyzZvPigYZQasZT9LkfMGGWGXIky11oOXlMrHuqu7X2SJ2BNsEwYC3lH3oBiWpgvEoJAJr6wEyKeoHf7Sfa_00JKCMOFK7O-o5yAzy_JasLi8qIkQhLuN63aa5vs_ldIlALCES6AVIj7u-OcoUCB6nJ-mAq1HuLQCSVg9-PYwt6yibcTYl66J-YvdiMJLDrcQ4M9-Oj9WoCU48AaWxOdS3f0YNsMg-6Ryzh5Cf-u1SaOZQ8J1Z3EJGzjpUYvinxDMjjIRwvqGQF7DBjwN8iby6efcEouNksCH2oh5lD6DGEhTNj-LoUxxQA2QIyUcc6329LKhTE1BnVqc8d7ND3dt5PUAYXt3dJHcNGcZEWnz_f5RjN_EbvwC6HXSVRTFHzNMyAl3iDC6OaSmtnIml_yiADd81ul8kepxhG-yN-z1zUMlgonwDQnp_DHbWXMO0xEKMZ85ZnEX3MKvVbEK4ESoRDLSVnzFUZpsxO2vQHQOQ0W6J9vF_wxXAuooCdDXiXmIvVHLJukm9Uz6J2Q3V0ixXw2vMbxjKdJo1iuKpEx40keJynfIJ-ODFvpoUvXiLqLz2d1smxfQJ7SEFuLYWkkKkuzMoOXJbp6TZexzOUXL8mVx96hC72V0vpiJHY2AF3OkXoHXtDGgEgRUZC86aKTOeRwTteBODdCmty0Y1zZlZ-qyajWVGkvSl1wxMOdph6Gtytj1RK6qWEiFvw2b94R1I1e6G9ogelR4oQs4B4RMd324LHc1T_4iE-d_SgFPJv-6Bxd_OaAAb4czjPTPbrO4y7qZSEuq2WWSRf_smGRG6UmxhwRs4zAIpx7S7p2iVqfmhfCT_wXg_mZOn5PrEfaoGP0wqT0dJsh3deYt-xQlU1nu1Y0m8jpsDssvu9ezZVBmOtkvbAc-UcqW3GrtevhC1Q6ZlnXdsXRjI6ojbbc8FlqMtbUJyvDpBFxJjkHVm2r4eVEGV1Vv8UGEUPqHgdWU8oNcli_3isVxf5-jMh8pmgN9C1u5vbKOFhFxvvHZKi_XyStfg_xJL4gDktmr51fXHe1FSMne5EOrgAYS-lb7zSAZGW4vsnrE73Csb7RNGc4mAhXmjvVrCCCi0J7kLAuw2gPkCmJFJJ4xjaL9F_NuCWCrnu-3r4AkyZJqWHr5rZEOz4Ub1Sj6ccStkUBLZ3DMlgsB2mTFsN5ik_NYLfShYISFcFwtWUdJVEcylQWUw4IE_udWNEGDhsmvnu7ui2S0n9O1V9tY8lbhcqYHVkD39JXt3_GKZoFBCvKuLKmEkhZjLH5cpgQm5kNCyq14RnHEUxgWgZxUFkqPTFkYnZ3TkvzFTDjZkg4Bn4mPCUf8GD8dPsxytq7p_DcJX9v3O5TobpR6QXe2bc8h_jRgELraAPCtoNVxS8fGbtwhz9akgwvDMuNmMLhLo3bvWoCIV_4DT2yx4rGVsLmFQ3TtpbXAmChU57jZv5s4j45RxR4AAyeU8-RvxZH5BFkuU8xpsypX119cBYNSX_syRZlx-zzmhiVyUU0H-_uKvt-7XcHWZwtJHUaiWd6vME926k28eFDcnO1sOGaCiUdHjpzpueHcdz2zDf2X7-pZc-pgF5Fjt7q8xmdQ94ilewkBJGgf68gt866RP2ELau4LwjE-u9rDNSMlgymYkFY0amRyQamI2Y13DTT43HG8bedqVIS6TEVRM4HDQNWLxXHNCljiJ3IFRgZWbhqhO_BE66btBwtKOGIpMNPZaeomGgG_vCCD_lhj77ugMDEaKgSwZaNceY6uX5LwjXeAymyEioWSciHS-ilFkeXAVtejEgvbYW1Nar5cV8V1eGc-CG2zUePJtuQtK-NKoRfCYsCAxsq9gGylmzNIsjKjSidfzVAemfIuePIu86zoBZjJdhTBjx3TqT3eitYngVg2CNYCdC_acEim1izZmwOqYKKOjxVTFpVMBgIRrUrSAinji8f1H0rFrM4PcUgOfH2C1Wr3YdmaJzrzS4_oFMLZdzrrEfyg-juCMscxswYsD0iXCRaXRQAd4gN0zUSDhnSyEkOPtGS9n-qMungDkU2faTiKvqdW8IN_j8Ecs567bM8rAFxTgADLScUgb6koGkrMFU8Fw13rXRqAMAiQ3fhvh3GuQxvF1Xh4IKWp8ZgUfJKgCmUcuM3pdGqFfi_0jSp0eQLVSxqcB2WA4TPYuhFpK-abjJKUrWjkQkk9a-QwHxrPjlZZm953NMASeVJQmvekmiV7zBNFrqeo_CmBm_eRFcK3h6XAdsNgJbHSc-3WWA0Be6rL2M-JIOpaOcFuffP67UrNTjbxueYPkFrSY4Re_wjZd6o9QrGZsTwBvZkk6Y_du542jh2XV0wUULdidf8D9VkTlZTZyoiijk3AZ0_MzmdsAD18Hw2HCQjI-Is-qXvYtVNZ452HReRgRz48yEJ-N5ya27lnnMbCDjU9wrbVN-SvGfsdFAteJBF4dEkvHcoYJo5Lg9CACVot2IYExZSM34Ok2k00MhmkC3gKnsOkN0fsijr0yWpJtE5dCVzKtLrRjjAfqSWrnG41tDJEBOMyP2jBZ_x5J1-K8LbRoWCAASEuRoBNblnOiFnE199aJ4zOpeP2AB
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.210.167.181 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-210-167-181.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
0f7637deb27c53d88e3d07ca2cdf19ffdc0631ab47f5077614dda1338d7c80b4

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
x-server-name
app07.or.303net.net
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
expires
Wed, 31 Dec 1969 23:59:59 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame C27B 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus_fy2019.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:07:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1052
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1332
x-xss-protection
0
server
cafe
etag
3351516697335751560
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:07:48 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame C27B 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:25:20 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame C27B 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:22:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
175
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6415
x-xss-protection
0
server
cafe
etag
16810888504096353422
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:22:25 GMT
l
www.google.com/ads/measurement/ Frame C27B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaT-0XKOJojKJI9biScBQnmtQsJdr8i5lNww4QXxzENr_OT9SCOM6Mak6mEOx9CLq5lFKaAF6g8_rMD9ZCC6ZAubeVYSyw
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
gen_204
pagead2.googlesyndication.com/pagead/ Frame C27B 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A6BQRuN_hYdHoK_FakM80ASD5IlnR54FXAhE28J706hfsmu1MD9JwGGYygJu0Aer86CtHPCcxL6_0zvlaBFtBebGsmFzrpLzi1qixY4Zg9q9sE_wo
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
17210.js
ads.rubiconproject.com/ad/ Frame 5AE5 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.rubiconproject.com/ad/17210.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.35.65 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-35-65.deploy.static.akamaitechnologies.com
Software
Apache / PHP/5.3.3
Resource Hash
1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=8701
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
8916
Expires
Sat, 27 Nov 2021 09:50:21 GMT
ac
ww1097.smartadserver.com/ Frame 8EA5 		455 B
556 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ww1097.smartadserver.com/ac?nwid=1097&siteid=331033&pgid=1165512&fmtid=26322&async=1&visit=m&tmstp=7602385064&tag=sas_26322&sh=1200&sw=1600&pgDomain=https%3A%2F%2Fbuhgalter911.com%2F&noadcbk=sas.noad&schain=1.0,1!themoneytizer.com,49798,1,buhgalter911.com,buhgalter911.com&isLazy=0&isAdRefresh=0&hb_cpm=2.4196721311475407&hb_bid=ix&hb_ccy=USD&hb_dealid=undefined
Requested by
Host: ww1097.smartadserver.com
URL: https://ww1097.smartadserver.com/config.js?nwid=1097
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.137.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
fe3dec1f8d636050c48303ec4eb0a01234598a594a8036a8bf2dc8038e4febd0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:19 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
3%3b15%3b86
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
transfer-encoding
chunked
content-type
application/javascript; charset=UTF-8
/
c.tmyzer.com/c/ Frame 8EA5 		0
271 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.tmyzer.com/c/?s=49798&f=1&fi=0
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=49798&formatId=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.38.64.100 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx
X-IPLB-Request-ID
6DC98F3F:9597_36264064:01BB_61A1DD60_1DDAABAF:990F
X-IPLB-Instance
20686
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
translator
hbopenbid.pubmatic.com/ Frame E239 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:19 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cdb
bidder.criteo.com/ Frame E239 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=87567827815
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame E239 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=0e0eb7ac-f5bf-4078-bf3d-5b62577cc0bd&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5391311997452917
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
78ffa17efb82cd3e2c564738e22039c22f2aaac05f2531dbb9464212e8e53e35

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
prg.smartadserver.com/prebid/ Frame E239 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
8c54d0ff8818989445f9a9e5684a8ad36a42a5a08672f60ea1c16c76e6b270ee

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b18%3b111
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
prebid
ib.adnxs.com/ut/v3/ Frame E239 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
0e69850ff317850db7840bb0ffb48d51d89c576b15bfae4448dfa21c891b2b8f
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
c677bbe4-fad3-49b9-b452-63b44137cfa6
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
adx.adform.net/adx/ Frame E239 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPTBlMGViN2FjLWY1YmYtNDA3OC1iZjNkLTViNjI1NzdjYzBiZA%3D%3D&pt=gross&stid=c7098f4a-a107-4e48-8bdd-22781d89d0f0&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
sync
s.cpx.to/ Frame 8EA5
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dpubmatic%26dsp_uid%3D%23PM_USER_ID%26fid%3Dface160a-a46e-4d75-a385-19d08b0d37e2
  • https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&fid=face160a-a46e-4d75-a385-19d08b0d37e2
95 B
881 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&fid=face160a-a46e-4d75-a385-19d08b0d37e2
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Server
34.243.225.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Sat, 27 Nov 2021 07:25:21 UTC

Redirect headers

location
https://s.cpx.to/sync?dsp=pubmatic&dsp_uid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&fid=face160a-a46e-4d75-a385-19d08b0d37e2
date
Sat, 27 Nov 2021 07:25:19 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
ca.png
s.cpx.to/ Frame 8EA5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=captify_dmp&google_cm&dsp=dbm&fid=face160a-a46e-4d75-a385-19d08b0d37e2
  • https://s.cpx.to/ca.png?dsp=dbm&fid=face160a-a46e-4d75-a385-19d08b0d37e2&google_gid=CAESELne4LTOyZYzD_y11z9rquE&google_cver=1
95 B
804 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/ca.png?dsp=dbm&fid=face160a-a46e-4d75-a385-19d08b0d37e2&google_gid=CAESELne4LTOyZYzD_y11z9rquE&google_cver=1
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Server
34.243.225.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Frame-Options
sameorigin
Content-Type
image/png
Cache-Control
no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Length
95

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://s.cpx.to/ca.png?dsp=dbm&fid=face160a-a46e-4d75-a385-19d08b0d37e2&google_gid=CAESELne4LTOyZYzD_y11z9rquE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
334
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
s.cpx.to/ Frame 8EA5
Redirect Chain
  • https://token.rubiconproject.com/token?pid=34010&puid=7238739462d2b08c&gdpr=0
  • https://s.cpx.to/sync?dsp=rubicon&dsp_uid=KWHHO1UB-X-G6J7&customParamenters={p:customParamenters}&gdpr=0
95 B
859 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp=rubicon&dsp_uid=KWHHO1UB-X-G6J7&customParamenters={p:customParamenters}&gdpr=0
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Server
34.243.225.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Sat, 27 Nov 2021 07:25:21 UTC

Redirect headers

Location
https://s.cpx.to/sync?dsp=rubicon&dsp_uid=KWHHO1UB-X-G6J7&customParamenters={p:customParamenters}&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
getuid
sync.smartadserver.com/ Frame 8EA5
Redirect Chain
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fs.cpx.to%2Fsync%3Fdsp%3Dsmart_ad_server%26dsp_uid%3D%5Bsas_uid%5D%26fid%3Dface160a-a46e-4d75-a385-19d08b0d37e2&gdpr=0
  • https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=face160a-a46e-4d75-a385-19d08b0d37e2&gdpr=0&cklb=1
0
75 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.smartadserver.com/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=face160a-a46e-4d75-a385-19d08b0d37e2&gdpr=0&cklb=1
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Server
199.187.193.166 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-length
0

Redirect headers

location
https://sync.smartadserver.com:443/getuid?url=https://s.cpx.to/sync?dsp=smart_ad_server&dsp_uid=[sas_uid]&fid=face160a-a46e-4d75-a385-19d08b0d37e2&gdpr=0&cklb=1
pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
an_fire
s.cpx.to/ Frame 8EA5
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fs.cpx.to%2Fan_fire%3Fapp_nexus_uid%3D%24UID%26pid%3D12762%26ref%3Dhttps%253A%252F%252Fbuhgalter911.com%252F%26hn_ver%3D20%26fid%3Dface160a-a46e-4d75-a3...
  • https://s.cpx.to/an_fire?app_nexus_uid=6458645844671079244&pid=12762&ref=https%3A%2F%2Fbuhgalter911.com%2F&hn_ver=20&fid=face160a-a46e-4d75-a385-19d08b0d37e2&dsp=pub_common&dsp_uid=c64d6732-2c5f-4a...
95 B
865 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/an_fire?app_nexus_uid=6458645844671079244&pid=12762&ref=https%3A%2F%2Fbuhgalter911.com%2F&hn_ver=20&fid=face160a-a46e-4d75-a385-19d08b0d37e2&dsp=pub_common&dsp_uid=c64d6732-2c5f-4aa1-bd00-c184da9069b3
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Server
34.243.225.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Sat, 27 Nov 2021 07:25:20 UTC

Redirect headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
401f0a53-7ae3-4e29-96ed-7b6516c15f9b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.cpx.to/an_fire?app_nexus_uid=6458645844671079244&pid=12762&ref=https%3A%2F%2Fbuhgalter911.com%2F&hn_ver=20&fid=face160a-a46e-4d75-a385-19d08b0d37e2&dsp=pub_common&dsp_uid=c64d6732-2c5f-4aa1-bd00-c184da9069b3
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
s.cpx.to/ Frame 8EA5
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=0fkciot&ttd_tpi=1
  • https://s.cpx.to/sync?dsp_uid=0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1&dsp=TTD
95 B
876 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.cpx.to/sync?dsp_uid=0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1&dsp=TTD
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Server
34.243.225.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-225-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Sat, 27 Nov 2021 07:25:20 UTC

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://s.cpx.to/sync?dsp_uid=0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1&dsp=TTD
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
179
sync
pool.grid-data.bidswitch.net/ Frame 8EA5 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pool.grid-data.bidswitch.net/sync?pid=42
Requested by
Host: runwaff.com
URL: https://runwaff.com/usync?i=rf07l732vciakgacx3n4&a=91081f4b53a95ab308c198cbb582b1f29&cb=7899281637997919631
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.185.8.23 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-185-8-23.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
sodar
pagead2.googlesyndication.com/getconfig/ Frame 5241 		12 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021111601&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b38e51a4ea07654367a3a16ac735491c5f12a995811ac9bd14beb0dcea831181
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9193
x-xss-protection
0
notifyme.php
adtrack.adleadevent.com/ Frame 8EA5 		0
522 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adtrack.adleadevent.com/notifyme.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.0.0/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.184.1 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-184-1.eu-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Last-Modified
Sat, 27 Nov 2021 07:25:20 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
Expires
Sat, 26 Jul 1997 05:00:00 GMT
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame 9EFF 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5754&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:20 GMT
usync.html
eus.rubiconproject.com/ Frame 57BB 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Requested by
Host: runwaff.com
URL: https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=ec888e9209980d4eacd18584b9e4ca683&cb=0113061637997919651
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Nov 2021 07:25:20 GMT
Connection
keep-alive
Vary
Accept-Encoding
showad.js
ads.pubmatic.com/AdServer/js/ Frame 02A1 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=14780&ref=https%3A%2F%2Fbuhgalter911.com%2F&cb=3264462715&timeZone=0&adWidth=728&adHeight=90&loc=https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 19 Oct 2021 10:00:01 GMT
server
Apache/2.2.15 (CentOS)
etag
"1302647-96ae-5ceb1b98ba7c4"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
public, max-age=77466
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
13882
expires
Sun, 28 Nov 2021 04:56:26 GMT
ga.js
cdn-adtrue.com/track/ Frame 02A1 		751 B
1003 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn-adtrue.com/track/ga.js
Requested by
Host: exchange.adtrue.com
URL: https://exchange.adtrue.com/delivery/impress?pzoneid=14780&ref=https%3A%2F%2Fbuhgalter911.com%2F&cb=3264462715&timeZone=0&adWidth=728&adHeight=90&loc=https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:ead7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31019413fee993018ee66cb39c98ebf7b37365b9e7b439fdfccc33eaa81429b5

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
20748729
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 01 Apr 2021 03:35:26 GMT
server
cloudflare
etag
W/"60653f7e-2ef"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ICu2iD1dcsRLd43Ed7nrTwPH4w3I0jGR2CpohUXEaU1Nedyj0aJ20Rl8n186etkERQJSWzddUTwYNYfZqoo%2FII8cnX5o17ku9Bd5a72OCKDLRGbUwX42rv0vjR3pUALH%2FLRN49Gqz%2BiSh5%2Bxg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
cache-control
max-age=31104000
cf-ray
6b499f3d5a5d6997-FRA
expires
Sun, 27 Mar 2022 03:53:11 GMT
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame 9353 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:20 GMT
/
adx.adform.net/adx/ Frame EAAD 		5 B
572 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPWVjZTM1NmM2LTJiM2YtNDEwOC05Y2E4LWQ1NWI3MTU2MGI0NQ%3D%3D&pt=gross&stid=55f86e7c-81cc-4ea4-bcc7-8e2699b42d6e&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET,OPTIONS
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
cdb
bidder.criteo.com/ Frame EAAD 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=52133600373
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame EAAD 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=ece356c6-2b3f-4108-9ca8-d55b71560b45&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4047569053436435
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
4f8427d2d71d665ad56de26ad656eef0ac0a98acc788dae358ae3bab78d237e3

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/ Frame EAAD 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/ Frame EAAD 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
a5f57f7c1dc3bebdd998560bd3389818114fbd9a4801c7bd91449f8356f99aed
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
0b8cd50f-50f0-4637-90f5-cd8ae8ff3089
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
prg.smartadserver.com/prebid/ Frame EAAD 		971 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
bd6d5036487a2eb8133053332d1c9412d434d628deb0c204783ac0ba639917ea

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b19%3b101
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
sodar
pagead2.googlesyndication.com/pagead/ Frame 97CA 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=2746888322727205&rc=
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
match
c1.adform.net/serving/cookie/ Frame 0C20 		35 B
477 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?party=14&cid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.142 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate, no-transform
pragma
no-cache
expires
-1
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
strict-transport-security
max-age=31536000; includeSubDomains
Pug
image2.pubmatic.com/AdServer/ Frame 3D4C
Redirect Chain
  • https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8855741626325625944
42 B
0 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8855741626325625944
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
amspug002:0:389
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8855741626325625944
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame B80F
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
42 B
204 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
lhrpug020:0:344
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

date
Sat, 27 Nov 2021 07:25:20 GMT
server
Kestrel
content-length
0
cache-control
no-cache
pragma
no-cache
expires
Sat, 27 Nov 2021 00:00:00 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
929916
Pug
simage2.pubmatic.com/AdServer/ Frame 61EB
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?ssp=9
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7035147497331357850
42 B
289 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7035147497331357850
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
lhrpug013:0:561
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

Server
nginx
Date
Sat, 27 Nov 2021 07:25:20 GMT
Transfer-Encoding
chunked
Connection
keep-alive
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7035147497331357850
Pug
simage2.pubmatic.com/AdServer/ Frame D60E
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YaHdYAAHnHYSWQAz&gdpr=0&gdpr_consent=&_test=YaHdYAAHnHYSWQAz
1 B
0 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YaHdYAAHnHYSWQAz&gdpr=0&gdpr_consent=&_test=YaHdYAAHnHYSWQAz
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
text/html; charset=utf-8
content-length
1
x-lat
lhrpug003:0:532
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
Varnish
retry-after
0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YaHdYAAHnHYSWQAz&gdpr=0&gdpr_consent=&_test=YaHdYAAHnHYSWQAz
accept-ranges
bytes
date
Sat, 27 Nov 2021 07:25:20 GMT
via
1.1 varnish
x-served-by
cache-ams21043-AMS
x-cache
HIT
x-cache-hits
0
x-timer
S1637997921.974520,VS0,VE0
cache-control
no-cache
pragma
no-cache
content-length
0
adx
match.prod.bidr.io/cookie-sync/ Frame B0FF
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDYTZVN0RRN3NBQUNvdWFOU09SZw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
43 B
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.67.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-67-233.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

cache-control
no-cache, must-revalidate
content-type
image/gif
Date
Sat, 27 Nov 2021 07:25:21 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma
no-cache
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
Content-Length
43
Connection
keep-alive

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
date
Sat, 27 Nov 2021 07:25:21 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
content-length
355
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Pug
simage2.pubmatic.com/AdServer/ Frame 59B5
Redirect Chain
  • https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
0
243 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
text/html; charset=utf-8
x-lat
lhrpug019:2:267
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private
content-encoding
gzip

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length
0
date
Sat, 27 Nov 2021 07:25:20 GMT
server
_
Pug
image2.pubmatic.com/AdServer/ Frame 918C
Redirect Chain
  • https://green.erne.co/pubmatic/cm?
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=i7BbsPkJiLKUzbjpbOBrX4s9
42 B
394 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=i7BbsPkJiLKUzbjpbOBrX4s9
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:19 GMT
content-type
image/gif; charset=utf-8
content-length
42
x-lat
amspug001:0:405
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
no-store, no-cache, private

Redirect headers

server
openresty
date
Sat, 27 Nov 2021 07:25:20 GMT
content-length
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=i7BbsPkJiLKUzbjpbOBrX4s9
strict-transport-security
max-age=0; includeSubDomains;
dpe
ad4m.at/ad/ Frame 8226 		15 B
916 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3039::6815:c06c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-type
text/plain; charset=utf-8
content-length
15
report-to
{"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel
{"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires
0
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy
block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy
geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy
same-origin
pragma
no-cache
surrogate-control
no-store
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6b499f3d88add6b5-FRA
bridge
cm.adgrx.com/ Frame D3A0 		43 B
408 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.251.241.204 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software
Cowboy /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Type
image/gif
Content-Length
43
Connection
keep-alive
server
Cowboy
X-RealServer-NX
ams-delivery-6
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Pragma
no-cache
Expires
Thu, 23 Sep 2004 17:42:04 GMT
P3P
CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin
*
rtb-h
trc.taboola.com/sg/pubmatic-ssp-network/1/ Frame 87A4 		0
0
pubmatic&gdpr=0&gdpr_consent=
sync.1rx.io/usersync2/ Frame 007A 		0
0
cookiesync
core.iprom.net/ Frame 1351 		43 B
0 		Document
General
Check archive.org
Download Go to
Full URL
https://core.iprom.net/cookiesync
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.5.165.20 , Slovenia, ASN44968 (IPROM-AS, SI),
Reverse DNS
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/

Response headers

Vary
Accept-Encoding
X-adserver-worker
avatar-b9b0ddc33ddd@version_1.358
Connection
close
X-server-arch
v2
Content-Type
image/gif
Content-Length
43
X-core-time
0ms
Date
Sat, 27 Nov 2021 07:25:20 GMT
i.match
s.tribalfusion.com/z/ Frame 8B5B
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
0
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 0DED
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=6QjBLp39RY-qm1yU7dqd9g%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
last-modified
Tue, 15 Jun 2021 06:08:03 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3945-5c4c7cc02bd56"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=91312
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5054
expires
Sun, 28 Nov 2021 08:47:12 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
SPug
image4.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=9f1a61a1-dd60-4800-a0e8-eba924af4396
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=9f1a61a1-dd60-4800-a0e8-eba924af4396
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
MT3 4133 baa842e master zrh-pixel-x27 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=9f1a61a1-dd60-4800-a0e8-eba924af4396
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 27 Nov 2021 07:25:19 GMT
/
pixel.onaudience.com/ Frame 0DED 		0
0
Pug
image2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTkwOEMxMkUtOURGRC00NThGLUFBOUItNUM5NEVEREE5REY2&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
110 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-store, no-cache, private
x-lat
amspug015:0:336
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC19fhKPU3B9XrGd08BqdoA&google_cver=1
42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC19fhKPU3B9XrGd08BqdoA&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-store, no-cache, private
x-lat
amspug020:0:421
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEC19fhKPU3B9XrGd08BqdoA&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubmatic
um.simpli.fi/ Frame 0DED 		43 B
617 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.122.14.34 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
22.0e.7a9f.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
43
expires
Fri, 26 Nov 2021 07:25:20 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:19ba61a1-dd60-4000-a897-fd4ee56d5aba&gdpr=0&gdpr_consent=
42 B
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:19ba61a1-dd60-4000-a897-fd4ee56d5aba&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug019:0:496
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
MT3 4133 baa842e master zrh-pixel-x13 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:19ba61a1-dd60-4000-a897-fd4ee56d5aba&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 27 Nov 2021 07:25:19 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=224729157169359204
42 B
232 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=224729157169359204
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug005:0:598
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=224729157169359204
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
Pug
simage2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1
42 B
294 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug017:0:611
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
image2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6458645844671079244&gdpr=0&gdpr_consent=
42 B
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6458645844671079244&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
cache-control
no-store, no-cache, private
x-lat
amspug012:0:691
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
03792015-2776-4dd5-8b7d-e6dad34bbf9b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6458645844671079244&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=dkyIhyQZ34ZtRN-Ed0_Ej3NE34NtHIjSeEkETKGC
42 B
470 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=dkyIhyQZ34ZtRN-Ed0_Ej3NE34NtHIjSeEkETKGC
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-store, no-cache, private
x-lat
amspug016:0:410
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=dkyIhyQZ34ZtRN-Ed0_Ej3NE34NtHIjSeEkETKGC
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 0DED 		43 B
875 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:1ae5:2286:b535:86e4 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-QLZNC01E2uU_Y5LQZ5NNPvN7hXQ5YaI-~A&gdpr=0&gdpr_consent=
0
48 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-QLZNC01E2uU_Y5LQZ5NNPvN7hXQ5YaI-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-QLZNC01E2uU_Y5LQZ5NNPvN7hXQ5YaI-~A&gdpr=0&gdpr_consent=
date
Sat, 27 Nov 2021 07:25:20 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
pool.admedo.com/ Frame 0DED
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=f4c21355-b1f4-46d1-a732-a503bb51c5a8
0
0
Pug
simage2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3013638483369036960&gdpr=0&gdpr_consent=&us_privacy=
1 B
167 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3013638483369036960&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug018:0:409
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3013638483369036960&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
current
pubmatic-match.dotomi.com/match/bounce/ Frame 0DED 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
Pug
image2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
42 B
203 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:19 GMT
cache-control
no-store, no-cache, private
x-lat
amspug007:0:877
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:66003f51-23b5-4dec-b7dd-744de62c316d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
42 B
186 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:66003f51-23b5-4dec-b7dd-744de62c316d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Server
185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug003:0:508
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:66003f51-23b5-4dec-b7dd-744de62c316d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=3000
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"
Pug
simage2.pubmatic.com/AdServer/ Frame 0DED
Redirect Chain
  • https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6458645844671079244
0
0
d1ba4609
rtb.gumgum.com/getuid/ Frame 0DED 		35 B
238 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.122.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-122-11.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
content-type
image/gif;charset=UTF-8
server
nginx
p3p
CP="This is not a P3P policy"
cache-control
private, no-store, must-revalidate, max-age=0
timing-allow-origin
*
content-length
35
expires
0
activeview
pagead2.googlesyndication.com/pcs/ Frame AB5C 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvfsCmh0WSjDeqnLMUGlBhFshtEnHqgNhx7cNffP_w0PMbewFjNDcx9T2F-0KepYbmUktA3iG88M_yaEMWaYXNBKO_S5Jya9_aFd9-e9irO7Z-rLEKG&sig=Cg0ArKJSzHnMg8yX-kp6EAE&id=lidar2&mcvt=1058&p=40,405,130,1375&mtos=1058,1058,1058,1058,1058&tos=1058,0,0,0,0&v=20211110&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=1928020410&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637997919399&rpt=319&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
1460228-55.js
smarttag.rubiconproject.com/a/17210/290974/ Frame 6F82 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://smarttag.rubiconproject.com/a/17210/290974/1460228-55.js?&cb=0.8296946736559496&tk_st=1&rf=https%3A//buhgalter911.com/&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_55&rp_secure=1
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
83c2f6c6d4ad462560c5dd8a22c0e1f70cd83b6bde7f84b7e69837daae00aea4

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Type
text/javascript
Content-Length
837
Expires
Wed, 17 Sep 1975 21:32:10 GMT
usync.js
eus.rubiconproject.com/ Frame 0FB3 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Nov 2021 00:01:00 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=11190
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9512
Expires
Sat, 27 Nov 2021 10:31:50 GMT
1460228-55.js
smarttag.rubiconproject.com/a/17210/290974/ Frame 5AE5 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://smarttag.rubiconproject.com/a/17210/290974/1460228-55.js?&cb=0.6351680640400355&tk_st=1&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_55&rp_secure=1
Requested by
Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/17210.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
3f7e07baa2dd1e0354c488017769a65e3baf00a29a1ecc6d00861f279e1b0ca2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Type
text/javascript
Content-Length
836
Expires
Wed, 17 Sep 1975 21:32:10 GMT
/
adx.adform.net/adx/ Frame F4DB 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPTg0ZTNlZDYxLThmZDItNDA3NS05ZGI0LWVkZDFhYjMxOGVhNg%3D%3D&pt=gross&stid=05b1db00-66df-43a4-a2b2-2dfe218a9d4a&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
cdb
bidder.criteo.com/ Frame F4DB 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=36918862583
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
v1
prg.smartadserver.com/prebid/ Frame F4DB 		958 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
d323b892c3e3928a3f67494a55bfa22a79cc03493d440d20af2ab4293c8f8fae

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b10%3b84
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
prebid
ib.adnxs.com/ut/v3/ Frame F4DB 		138 B
970 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
adff04eafd163a8122ad044c4547af6b6ebcf06dc13983ed25738f1ea878692a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
0716b5f5-1ceb-43a8-958b-417f9c0b9e63
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
138
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame F4DB 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=84e3ed61-8fd2-4075-9db4-edd1ab318ea6&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.6265958504658298
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
81d43b626c290cc388ec18a5dae4e1c8f60bcb8f6b6ca918adea1ac473527cf3

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/ Frame F4DB 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/ Frame 75C2 		140 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
40a367be45e611243ba2576dda4754871ab0ee45d0ceee597cf217bafac207b6
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
1ac03c77-95f7-47f1-ab1b-7f657debe46b
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
140
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/ Frame 75C2 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cdb
bidder.criteo.com/ Frame 75C2 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=10054806356
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:19 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame 75C2 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=30b215b8-35fb-4b68-b31a-c5491e18aaee&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8291902561998203
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
db7c349d8f28ad030602fe1370a3db11faa99c8838112d0aa276943fcf6b4bc4

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
/
adx.adform.net/adx/ Frame 75C2 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPTMwYjIxNWI4LTM1ZmItNGI2OC1iMzFhLWM1NDkxZTE4YWFlZQ%3D%3D&pt=gross&stid=cf7bb848-f8f1-40d1-a76f-c87d5de1a39a&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
v1
prg.smartadserver.com/prebid/ Frame 75C2 		947 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
7c5b7c964df44d8e704b8071fe3ca82cb91efcd82c69bca428e5f694cb8314fb

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b11%3b104
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
services
sumo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sumo.com/services
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
x-sumo-auth
Origin
https://buhgalter911.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx/1.18.0
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-origin
https://buhgalter911.com
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-headers
pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age
2592000
services
sumo.com/ 		205 B
606 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sumo.com/services
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/javascript, */*; q=0.01
X-Sumo-Auth
7v0Rg7TcffEd2zsaJZSojUkY
Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
vary
Origin, Accept-Encoding
server
nginx/1.18.0
x-frame-options
SAMEORIGIN
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
https://buhgalter911.com
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
205
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 5241 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021111601.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
etag
"1624308425655142"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6467
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 27 Nov 2021 07:25:20 GMT
prebid
ib.adnxs.com/ut/v3/ Frame 7883 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
cdaeebd83568dd612aa9d068eaa986e1feb65b0e36cfaa461f727a8597a12d01
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
d8988421-73f8-4232-8ef3-f1738ed6b661
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cdb
bidder.criteo.com/ Frame 7883 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=78104658176
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame 7883 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=7297b462-37d7-45bf-8551-a74e2accc08d&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.27687779292924053
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
00b7af3f1cc48cec37218b2a69f5d1a0507eecc4ebe7a272aa38f8a8c47570ca

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
prg.smartadserver.com/prebid/ Frame 7883 		762 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
8af035c47ad972ca1696b08046b50a97ab88a56cde180e95cd1688a0f5153eae

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b10%3b63
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
translator
hbopenbid.pubmatic.com/ Frame 7883 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:19 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
/
adx.adform.net/adx/ Frame 7883 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPTcyOTdiNDYyLTM3ZDctNDViZi04NTUxLWE3NGUyYWNjYzA4ZA%3D%3D&pt=gross&stid=b9e914b9-1dc7-445a-8feb-7834a2f7df4b&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
17210.js
ads.rubiconproject.com/ad/ Frame 7DA2 		30 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.rubiconproject.com/ad/17210.js
Requested by
Host: runwaff.com
URL: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=29432f3564089b7a90cba53693d3a59b1&cb=0948231637997919649
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.19.35.65 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-35-65.deploy.static.akamaitechnologies.com
Software
Apache / PHP/5.3.3
Resource Hash
1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Content-Encoding
gzip
Server
Apache
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=8701
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
8916
Expires
Sat, 27 Nov 2021 09:50:21 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame C27B 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BZexcGYXonaAPfBz--v8YH5MgncV8HJT7B7K5MT2DA1-m81SG6jWP0B-HGQHJIj-JU2UKatc4BZtyiqFaNu4IVzg190_kEb6ufDIEvBgF7K4ktCm6pclttXMQnipdmgOA9N3TKRh8s674OzKMgeWUtzwdfqA&dbm_d=AKAmf-AZpsAiEzvF1E2KtFoviyr33U4SeGdFCkpWAWar6yzvyM5PqYmv5QqtF18oCXXL2nJuxVToFpe9NNVCw6eq__kAOVBeVsDnAGuQYQCzFnrJhmYd6R_y3eSvLPk3hjVpqDDe1lCP_9OghrEyL3crSY7S7Z2kGZCUNhyzMKwDPkz_vJd_e9mr61okxGc9QFFUTOS3rGMrURfgdEKEVegeKol-8rMcuHKZb08dY56t5fgJeQNrnVzVR29rmop6VxsL7kJ94HnLcnG9ByDfxGq3zpMxU0DDOxus7ZcjXMYzTm3bokco-qqx0MolaABI8ZEdQImUdhJJ0pbXRV2zyycraYqIuuSyGIsHfHJ-wg8-pAStE16GdMAwlevkAzpJx2dt77oMIxwJJOuq6-Bai0acvMPVDIcck-i_LnGGq_w6IbduFuoHuBmFIU-OvdQ2ngItoiEYppU0thK4PM53SGfav_9J0HgRfVHm1qVf5SIr2cmdPHbG5Ph4XUbuyKQy9VSNLRPxltEUFUqvrtnbhIxGDaymU-lFXlJjIj8q8Ygd690bdwnuesgukgy7QYX_QwgkOgaNqT3_UsvJtRUFBP29pfCHmeOfiwbPXe6q0LHrNFdk8TEuWe5NAJIbclRTxhDZznav2EF5dtwYaYe_gQJbbKjW-_UpLItjCd49WzSxjmIX08ipkKbWeCqZWpcth6MyizVfIflqXMjoMnqY0GBjXiGVPJekwyKHDUuOVUSUQPYbKMHCrulB41PN6VbNF3EBdmV3zWuY8xRmlyIdX0Zj0cHOuYM77V5eyzDWsPDTWOsfxtlSmP8eK4IEOul8dT2zf48pc0Af_qGSO2XvMv8o0uUAESkxOIHz_UBchY0dbxKh4SBD3eeRRCd5yBisVCEqaZISqBW_cfZSC2QTHAQ2wrLyBxwFG1TBuytzjaYwmGN2pDILeuAAoW89714mSJnPnOUAbtVRCJDFP0XBsdUqNNlvyx9J4ze9JiUV2cHnTKzIYZaJX39HoCtmCDWRNyW_9jH-RumIvgM66UnHpVdAjiXS_vb3xJZi1yZ0iSRfSZLKz3xSMFaE5vr8DmyxDaaW64uWGkPhapdD7hlS-OG-1btvLIzauLK_tEmoz5P104Qay2h_FSLYRQb6Bdm0VR1Ip0BxAA0njIFr5Zul5VL2XfG_Y-hrcDX2Qk1NBduPVD7lpd44c3Ns7nFGb00u3K9s629AkoDkaW38rdKn9ffzWQCHqKKcwIkKI6l7olRJJKVexZPbJwGTxjPd2Q_O5CyHsfqabzM19WyGmoGqv1dxKim4tuRtKP_RgcDkOIL1zSDG0gMKBJD3RqoI5mX0HqiDylspBFqxGhRkBWCH2xuO1Bjs6m79WMvHFT5hyStrqoKym6feD6sDAgVdc7rLg4t6zU_Fct0rLZzEhKwcq5gtAiESJ0SQl1fp5LlMGe8KJpCnlOp74qfReHZ7IZDywatbRSOdoqlGy002IpfKUrQFbJUm-_6NDjQjzHnL4juTbacSk3X8cAdTesid_4EIzR-FLpzS7lIi9FvYs12QEiveQHS46Z_5lFYDNdt2IPvb1J1AKrOFqR39S0NniKZDKlsxY897mIg0jDieUBv2Y_lBpHzN3z7OuGNCrWCLkCoxleFj9DDJo9-iSceGe1W3P5ryGfL0TY2YGXXkUdSf3LycsxLEzOpONV90Zw3go7GRu7_1Y9skGkXo2QoDN1LxBMPAcx-yMnt4bxp4LXAdVx56RXGRCp5luiAQJd-Dy_XMs82CjEF-uAxABMJOtB8q5xcNbu6gICh7VmI5fH8RQPJTGQPhpjdSDM__ldxZA0lDsXZ59DA1jPvYGIwcLh4Kf4upSh6W-UO5gPYlxW7dwJfZWAYElDmlDU-jwDSWymnaEsCNhgMkmImLkQ70mSnLQ2ynrzIEb7NlH_3UYB0XXucibSQRyvBPhRQ7FtjGF-o7NZQ6aJHXKvSqrlmLFMpYtnu72lryoxGLXIFzXafKZSjN5nXEmZnGoglTmwj4LIoPJBRghONXoiktF5ErMaGuW9aW3d_ZdNpLBkm1915X_79zQe-j5djA2t5BEyrb_WuLSUY43LcvajYHat4TKNVwRh07jM8eFaNIpNK4wreOV3obGiyBFeY97q6jyTiN1R27UKteMHnpLD_xuXYXIul-5u2Jd7qRghQbMy6QaIE6SbtaTNrrbB35sT1kQkTg8oab0_5349yJpBKyi9KZG9SZCOtICqBBUabV3H5tPDb-rj22krnkD77_le6aPYOp26ALMKJPrePfp2u6vKkTNsJC4Tr1JbDL162jZpArC4gpcvTp_Mvf073COcMbzbzROPpdR8TdS3ZKjXOC1naIR14gduw0FTXPyOEIS1ugqebTshT_TboPTATTwbwUR-YdYjSWCMsi2eyX3gleHGJHwvI_Lb8k8Y2fje9xgW8vY9aQrRMkPNB0tkzDn9NHJRX9gOvf5JgZU7GRW6w1E6jsRhDNQHzsvUPHtGlHia7MZkPESHM9aZ-I4TVuIoX-Nx2zE6KC9ivTKo9E09y3Ax__sk-4xCjb4kERtM-Lsm_bQrl9dEQ6rIzerT7s7YGLy9N2dJ7ROgPOVTTZraG7No5tk6rrTL8brcjjaJNe9tLQCqevGvbFLacwSD63ViaBnNSlmtYWdTHdr31yLaUQDw84nyEf5yaA31iq1RBsLsvtfUsrg95TLeL3K_I0SZzycbOW7Moymr_MrZCywas&cid=CAASEuRoBNblnOiFnE199aJ4zOpePw&rfl=4%2Chttps%253A%252F%252Fbuhgalter911.com%242%2C%2Chttps%253A%252F%252Fbuhgalter911.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 12:48:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
67035
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
expires
Sat, 26 Nov 2022 12:48:05 GMT
cdb
bidder.criteo.com/ Frame EFC1 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=58729545378
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame EFC1 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=9c0fe930-6427-4d49-ae4c-fe6bc21cfa72&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.8439016716807246
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
e1b4fa57ef557e75c6c1bfe28ca3901e327287bca7ccf2eaf16cf17183ae24b8

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/ Frame EFC1 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
a16f0e9c4d3da787c37dc87b4acf41bc3117ac731d671f441a4e5b47c715ae30
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
f95fdfb2-f538-470b-9205-3906ece72526
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
adx.adform.net/adx/ Frame EFC1 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPTljMGZlOTMwLTY0MjctNGQ0OS1hZTRjLWZlNmJjMjFjZmE3Mg%3D%3D&pt=gross&stid=3ace7fbf-f59c-407f-8616-8c857c4a3d85&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
translator
hbopenbid.pubmatic.com/ Frame EFC1 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ Frame EFC1 		835 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
7137769a0bb2191abe2ea4cf2f40478848fd25bcf799a13f652e911aeca8623f

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b11%3b99
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
t.dhj
pxdrop.lijit.com/1/d/ Frame 6F82 		0
225 B 		Script
General
Check archive.org
Download Go to
Full URL
https://pxdrop.lijit.com/1/d/t.dhj?dmn=runwaff.com&GDPR_v2=&pubid=AdPone1
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.233.227 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-233-227.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
X-Robots-Tag
noindex, nofollow
Expires
Sat, 27 Nov 2021 07:25:20 GMT
ct
ap.lijit.com/data/ Frame 6F82 		43 B
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ap.lijit.com/data/ct?tid=a_660774_f84c9d8fad1d4a18923802ba9b6ff797&zoneid=660774&cid=18&geo=NL&all_tags=185%2C203%2C205%2C248%2C462%2C465%2C515%2C561%2C563%2C565%2C589%2C590%2C600%2C604&tss=326&fired_tags=590&count=1&status=8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C8%2C1%2C32%2C8&elapsed_ms=326
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=45f743aa437f6100320c20fa469f3dc93&cb=6458491637997919633
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software
nginx / raptor
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:20 GMT
Server
nginx
X-Sovrn-Pod
ad_ap5ams1
X-Powered-By
raptor
Content-Length
43
Content-Type
image/gif
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame 3E28 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6954
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vPk82FDaP4Hs%2BgB4c4yMCzEWPzTvpzBjLFjKy0Sb133cCiXau3NXm9uFqwaQpYNtgk6y1uD7P%2FX0%2Bg40kIWVhcBsMakTiK45fH1%2F84EcUzb4i73x8sL01%2BnTKpHIVIx77RHHr0gJHUkim7UA3WVmLIHfbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f3e7eb96967-FRA
p.js
runwaff.com/ Frame 3E28 		142 B
384 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
185c464ff5e10953eb8ea740e5631c1c3cabee38978a30bed3af995d734d9d53

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/count?i=rf07l732vciakgacx3n4&a=baaeee3411d3fd157639692256e43d715&cb=5288031637997919632
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:20 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
142
x-amz-cf-id
hIQXLpeIIerMsWjDOcMbT3Soi16bdBnZ3pOmMH4N-j1v6jIAgH3gTA==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame E239 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiYzcwOThmNGEtYTEwNy00ZTQ4LThiZGQtMjI3ODFkODlkMGYwIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlBVQk1BVElDIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiQURGT1JNIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19LHsicGxhY2VtZW50Q29kZSI6IjE3NzI3MjQwX2J1aGdhbHRlcjkxMS5jb21fcm9zXzk3MHg5MCIsInNpemVzIjpbeyJ3aWR0aCI6MCwiaGVpZ2h0IjowfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzMDE2ODUwZDY4MTJkZCIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjoyNDIsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzMDE2ODUwZDY4MTJkZCIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjoyNDIsImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=c7098f4a-a107-4e48-8bdd-22781d89d0f0&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
showad.js
ads.pubmatic.com/AdServer/js/ Frame 8705 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

last-modified
Tue, 19 Oct 2021 10:00:01 GMT
etag
"1302647-96ae-5ceb1b98ba7c4"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13882
content-type
text/html; charset=UTF-8
cache-control
public, max-age=77466
expires
Sun, 28 Nov 2021 04:56:26 GMT
date
Sat, 27 Nov 2021 07:25:20 GMT
vary
Accept-Encoding
showad.js
ads.pubmatic.com/AdServer/js/ Frame C975 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/showad.js
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

last-modified
Tue, 19 Oct 2021 10:00:01 GMT
etag
"1302647-96ae-5ceb1b98ba7c4"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
13882
content-type
text/html; charset=UTF-8
cache-control
public, max-age=77466
expires
Sun, 28 Nov 2021 04:56:26 GMT
date
Sat, 27 Nov 2021 07:25:20 GMT
vary
Accept-Encoding
AdServerServlet
sshowads.pubmatic.com/AdServer/ Frame 02A1 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sshowads.pubmatic.com/AdServer/AdServerServlet?pubId=155495&siteId=631669&adId=2450426&kadwidth=728&kadheight=90&SAVersion=2&js=1&kdntuid=1&pageURL=https%3A%2F%2Fbuhgalter911.com%2F&inIframe=1&kadpageurl=buhgalter911.com&schain=SUPPLYCHAIN_GOES_HERE&operId=3&sec=1&kltstamp=2021-11-27%207%3A25%3A20&timezone=0&screenResolution=1600x1200&ranreq=0.9368814030214252&pmUniAdId=0&gdpr=1&dspids=%7B%7D
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.75 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
be9728ee7fbe591e0decbd574d066fb1dc4db1ab65a3cac03302cc00711dbe01

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
server
nginx
cache-control
no-store, no-cache, private
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-type
text/html; charset=utf-8
rum
dsum-sec.casalemedia.com/ Frame 86F7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ0aKBx3RLaT-PsDDjrbUxI&google_cver=1
43 B
1014 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ0aKBx3RLaT-PsDDjrbUxI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuZoQEQyKWvAhj3mdC7ATAB&v=APEucNUzMXDTmysIY-cygEGRp14lYqgFXudgzlCLpF9smVdmPKjLJZpduwHYFM9vIauOr87JFiOMBfFIILiimMB1Jcpp5JRKG1RV0XeQVqALatLTrKWxbU8GDDImd8OQbCvp2kXU-WWZ6D0djtjRE3Yxf4YtGjv_D9M67-1cCST0z1rp6BRatTE
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 27 Nov 2021 07:25:21 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ0aKBx3RLaT-PsDDjrbUxI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 86F7
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YaHdYTD9tT3o9naxhQZTEgAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ0aKBx3RLaT-PsDDjrbUxI&google_cver=1
43 B
894 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ0aKBx3RLaT-PsDDjrbUxI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuZoQEQyKWvAhj3mdC7ATAB&v=APEucNUzMXDTmysIY-cygEGRp14lYqgFXudgzlCLpF9smVdmPKjLJZpduwHYFM9vIauOr87JFiOMBfFIILiimMB1Jcpp5JRKG1RV0XeQVqALatLTrKWxbU8GDDImd8OQbCvp2kXU-WWZ6D0djtjRE3Yxf4YtGjv_D9M67-1cCST0z1rp6BRatTE
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 27 Nov 2021 07:25:21 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJ0aKBx3RLaT-PsDDjrbUxI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 86F7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESELT7-6pwm7_R2E0KwIHMCyE&google_cver=1
43 B
1006 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESELT7-6pwm7_R2E0KwIHMCyE&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuZoQEQyKWvAhj3mdC7ATAB&v=APEucNUzMXDTmysIY-cygEGRp14lYqgFXudgzlCLpF9smVdmPKjLJZpduwHYFM9vIauOr87JFiOMBfFIILiimMB1Jcpp5JRKG1RV0XeQVqALatLTrKWxbU8GDDImd8OQbCvp2kXU-WWZ6D0djtjRE3Yxf4YtGjv_D9M67-1cCST0z1rp6BRatTE
Protocol
HTTP/1.1
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
e027e329-59ef-493a-a451-921043f1f7af
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESELT7-6pwm7_R2E0KwIHMCyE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 86F7
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ1ODY0NTg0NDY3MTA3OTI0NA%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ1ODY0NTg0NDY3MTA3OTI0NA%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuZoQEQyKWvAhj3mdC7ATAB&v=APEucNUzMXDTmysIY-cygEGRp14lYqgFXudgzlCLpF9smVdmPKjLJZpduwHYFM9vIauOr87JFiOMBfFIILiimMB1Jcpp5JRKG1RV0XeQVqALatLTrKWxbU8GDDImd8OQbCvp2kXU-WWZ6D0djtjRE3Yxf4YtGjv_D9M67-1cCST0z1rp6BRatTE
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
af9e45de-54c7-438e-9ad3-8fe18919b32b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjQ1ODY0NTg0NDY3MTA3OTI0NA%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
p.js
runwaff.com/ Frame 42E1 		142 B
385 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: sshowads.pubmatic.com
URL: https://sshowads.pubmatic.com/AdServer/AdServerServlet?pubId=156383&siteId=631466&adId=2458268&kadwidth=970&kadheight=90&SAVersion=2&js=1&kdntuid=1&pageURL=https%3A%2F%2Fbuhgalter911.com%2F&inIframe=1&kadpageurl=buhgalter911.com&schain=1.0%2C1!adpone.com%2Cfc45e59d434ebbb738c3&operId=3&sec=1&kltstamp=2021-11-27%207%3A25%3A20&timezone=0&screenResolution=1600x1200&ranreq=0.6620496830747034&pmUniAdId=0&adVisibility=0&adPosition=-1x-1&pm_uid_bc=D64B5724-3FF3-4FB5-B55C-ECD8BF3153E0&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
1f2e1cd74b4b1ce306091b5a8fd65c2d2675a66b79e765cebb323d1c3cf577ab

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/count?i=rf07l732vciakgacx3n4&a=29e1899b19056b3bbad87d287cfa52325&cb=8648741637997919635
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
142
x-amz-cf-id
fdoC3WgyFDqvm-YyZNM4_MUelpZKkgI8I7J2EnQ-eBNh8B81zbjUSw==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
pagead2.googlesyndication.com/bg/ Frame 0E68 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 02:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
17460
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13371
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 27 Nov 2022 02:34:21 GMT
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame 9EFF 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:21 GMT
usync.js
eus.rubiconproject.com/ Frame 57BB 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Nov 2021 00:01:00 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=11189
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9512
Expires
Sat, 27 Nov 2021 10:31:50 GMT
script.js
d2849lw36e7cot.cloudfront.net/ Frame 525D 		117 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d2849lw36e7cot.cloudfront.net/script.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:19:ba84:7f40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
422c56a8b0a35ec9c85122a8b8f28cfe28a580e1d9ecb5a08021bd357c8eb6e9

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:19:21 GMT
content-encoding
gzip
last-modified
Fri, 26 Nov 2021 15:47:10 GMT
server
AmazonS3
age
362
etag
W/"62360d901021344ef0d765d8ebc5077e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
cache-control
max-age=600,public,must-revalidate
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
bdtnoB9aoPkPeoGpzrbzqaRkpcJ3ha7_AXhTMjfcUzHSl1OQ6_u-YA==
v1
a3165.casalemedia.com/impression/ Frame 525D 		43 B
303 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a3165.casalemedia.com/impression/v1?bidID=8dd2184f-6eef-4b13-a671-1d06aae97ab8&traceID=c6gtqo1ap78od0orsle0&dspID=85&userID=&cmpro=0&ap=2.46
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.170.61.66 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
Apache
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=100
Content-Length
43
Expires
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 525D 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-CN2jQMP_6kZrLSaO1IblIRE5oBd8vkBVqe7y4ycbQEPaMxkvvD4tEcxAwrY7vDl0CwMyPxfscCNVd8EKNBDWeYZiksdHIt-loJEJ78ekXb_8o02BE&pr=13:YaHdYAAAAAANsd7TZBKDDHZvowwofXYHlG0Bpg
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
xbfe_backfill.js
googleads.g.doubleclick.net/pagead/ Frame 525D 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5ff572b0d1ea0fa4cc55e9299e513463b3e4335320fd698cc6cbc0b07264fc39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 06:50:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2095
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5715
x-xss-protection
0
server
cafe
etag
1413802276024173899
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 27 Nov 2021 07:50:26 GMT
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame A3FE 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6954
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RGeM7%2Fm%2BaZ5YcyoV7jDYPaDbA7VkSNU7KaWazNtLsqfKGziWYOTaFACSzyiEthZrluxYeLngbzNqMWamhcj3iMPcJECR7P9Lz4rRG716mrWee%2Fnp3L%2BCLGGde%2FA11rLhxNOCxb%2Bn%2BnAD%2FMOpKFKme3effw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f3eee771f15-FRA
p.js
runwaff.com/ Frame A3FE 		151 B
393 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
dee5b86e53a5f789d55a21ff5a02a926b712d0bbbc9cfda18aa9c9942d0d2b4a

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=98f4e4faa4233f870087ce42c5a513e95&cb=1345621637997919630
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
151
x-amz-cf-id
6c38YVABdyh7HtV5uELjH3V8mf1NJVz7_rBZ78l_cTbz0kiSY4reBw==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame EAAD 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiNTVmODZlN2MtODFjYy00ZWE0LWJjYzctOGUyNjk5YjQyZDZlIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiQURGT1JNIn0seyJiaWRkZXIiOiJDUklURU8ifSx7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IlBVQk1BVElDIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fSx7InBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJzaXplcyI6W3sid2lkdGgiOjAsImhlaWdodCI6MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTc3MjcyNDBfYnVoZ2FsdGVyOTExLmNvbV9yb3NfOTcweDkwIiwiaWQiOiIxM2IwZmQ4NGE0MmIyYWUiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6MjU4LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTc3MjcyNDBfYnVoZ2FsdGVyOTExLmNvbV9yb3NfOTcweDkwIiwiaWQiOiIxM2IwZmQ4NGE0MmIyYWUiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6MjU4LCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=55f86e7c-81cc-4ea4-bcc7-8e2699b42d6e&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame 3089 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6954
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9QrgovWIc4ep80chwcf9RDayoQrHZSKuz6AN2zka2MJMYWk91lqbkxuHjyJ%2Bz69y%2BC4QHNNfEh8tdD4H7%2FsuQyLexdA9TZmQDDPE%2FE5JjmTJoGVNF9fzvgqhIyacp2U7sbnpusCuuNlaTCa4s2jGyx54w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f3eee7a1f15-FRA
p.js
runwaff.com/ Frame 3089 		145 B
386 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
3ea2994bcce3f61449fbcec48185b3e21da29097a5693d9135748cb9d015f39e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=53b2002c59d3e5f630751881f15474be9&cb=2010711637997919628
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
145
x-amz-cf-id
sP6KJAGI5pkHZtk7f_7YHNrE610ge5Ilyja1_8fs62XnoJjDw6c3hA==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame F4DB 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiMDViMWRiMDAtNjZkZi00M2E0LWEyYjItMmRmZTIxOGE5ZDRhIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiQURGT1JNIn0seyJiaWRkZXIiOiJDUklURU8ifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fSx7InBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJzaXplcyI6W3sid2lkdGgiOjAsImhlaWdodCI6MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTc3MjcyNDBfYnVoZ2FsdGVyOTExLmNvbV9yb3NfOTcweDkwIiwiaWQiOiIxMzMxMzdlMzlmYjg1OGYiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6MjE5LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTc3MjcyNDBfYnVoZ2FsdGVyOTExLmNvbV9yb3NfOTcweDkwIiwiaWQiOiIxMzMxMzdlMzlmYjg1OGYiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6MjE5LCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=05b1db00-66df-43a4-a2b2-2dfe218a9d4a&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
1460228-55.js
smarttag.rubiconproject.com/a/17210/290974/ Frame 7DA2 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://smarttag.rubiconproject.com/a/17210/290974/1460228-55.js?&cb=0.6740972480427792&tk_st=1&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_55&rp_secure=1
Requested by
Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/17210.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
5dc2a59a4813375499320d39967d6984413e989e6847dd93c7ee0dc4e9d3fb86

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Type
text/javascript
Content-Length
835
Expires
Wed, 17 Sep 1975 21:32:10 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame FE2A 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsshc1lSAazN5rVEwVjumgVR8lCSeZHcRThlzOruFNQ6IhEh229n_UrokX05arcBDMRsRVtHOVVTDTE6SVKLSgWZUyyqgdTM7JjMVUiJUCc3lTySt6JyDKYThVr_ezRK9qf1qX5DpWsuK6ad&sai=AMfl-YQ0bRae48Cm5htc2w5s4NlZT6QwbnPfXIRGLOmUuOr6UdGLnpV2x_kq1py0868aspz2MYLshfAc0_XxxXOxKSLhAiue48mUIoCT5T_leXgyIq1jewejbuoQofMc&sig=Cg0ArKJSzFukCb08OcjKEAE&cid=CAASF-Roa57pp4wSBf_OAvXaQuQKTPBGEKt8&id=ampim&o=215,661&d=240,400&ss=1600,1200&bs=1600,1200&mcvt=1064&mtos=0,0,1064,1064,1064&tos=0,0,1064,0,0&tfs=305&tls=1369&g=100&h=100&tt=1369&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=260308785
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
ads.projectagoraservices.com/ Frame 5AE5 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: smarttag.rubiconproject.com
URL: https://smarttag.rubiconproject.com/a/17210/290974/1460228-55.js?&cb=0.6351680640400355&tk_st=1&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_55&rp_secure=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:21 GMT
41865c64-1ec5-4565-a04e-364966717bb9
beacon-ams3.rubiconproject.com/beacon/d/ Frame 5AE5 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-ams3.rubiconproject.com/beacon/d/41865c64-1ec5-4565-a04e-364966717bb9?oo=0&accountId=17210&siteId=290974&zoneId=1460228&sizeId=55&e=6A1E40E384DA563B915BBACA6EFB7EDCF6B3C41B59E9D302980FC9D035817E46010BF2D51043E3463B49E1C48093A316FE5D718BBE08EF1CA553EC95F8FA51D0B39FB19D0B59842193D6B51B7FA0AE1463AF685AF18256F3705059EF4D5C2D87D36E70E082DA4FC5E05D5E1F62C9C736E1501A5C29ACF5C995BCEA9A1A431B34
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::77 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/avif
Cache-Control
private, max-age=0, no-cache
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
01 Jan 1970 10:00:00 GMT
ttj
secure.adnxs.com/ Frame 02A1 		7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/ttj?id=17450242
Requested by
Host: sshowads.pubmatic.com
URL: https://sshowads.pubmatic.com/AdServer/AdServerServlet?pubId=155495&siteId=631669&adId=2450426&kadwidth=728&kadheight=90&SAVersion=2&js=1&kdntuid=1&pageURL=https%3A%2F%2Fbuhgalter911.com%2F&inIframe=1&kadpageurl=buhgalter911.com&schain=SUPPLYCHAIN_GOES_HERE&operId=3&sec=1&kltstamp=2021-11-27%207%3A25%3A20&timezone=0&screenResolution=1600x1200&ranreq=0.9368814030214252&pmUniAdId=0&gdpr=1&dspids=%7B%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
bb349933a2fbb6492c1a11146d34ccee04b3be461b6623f5eadf431f1f5aded4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
f5db5ab6-00ea-4c42-8134-786eb9311266
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame 5B5E 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6954
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lQl7LL208XP0iug3mPdPbxNSEHYv9N49MH4tFNddmnKNMCXXA5V8TAD4iaig4YOlyWHjdcLglSZ5V%2B4GZ5P6T9FcKh9cy3VmEtoBvJbnPa2LXt%2Fk718hF9VldXtv0Sj0s3DnDUGS8DOpfyvipNQNTfxYtw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f3f1eb71f15-FRA
p.js
runwaff.com/ Frame 5B5E 		141 B
383 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
a438e75140c81f3c8747f98013700f7ad3bf8040301a35f1aeb6e1aa1e77d6ca

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/send?i=rf07l732vciakgacx3n4&a=5a53537a17bd44ad82d5176115d03d729&cb=4418541637997919644
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
141
x-amz-cf-id
8H2zGkTtkoY48wknlv5wIuKK0cwUt1gL3cpMRyPONJnKj_wlrR9MzQ==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame 7883 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiYjllOTE0YjktMWRjNy00NDVhLThmZWItNzgzNGEyZjdkZjRiIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9LHsiYmlkZGVyIjoiQURGT1JNIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19LHsicGxhY2VtZW50Q29kZSI6IjE3NzI3MjQwX2J1aGdhbHRlcjkxMS5jb21fcm9zXzk3MHg5MCIsInNpemVzIjpbeyJ3aWR0aCI6MCwiaGVpZ2h0IjowfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzODc1ZTg2MGM5YTM2NSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjoxOTcsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzODc1ZTg2MGM5YTM2NSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjoxOTcsImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=b9e914b9-1dc7-445a-8feb-7834a2f7df4b&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
/
ads.projectagoraservices.com/ Frame 6F82 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:21 GMT
usync.html
eus.rubiconproject.com/ Frame 001D 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/sync
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Nov 2021 07:25:21 GMT
Connection
keep-alive
Vary
Accept-Encoding
65c737dd-5580-44d2-904c-d560a0211d98
beacon-ams3.rubiconproject.com/beacon/d/ Frame 6F82 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-ams3.rubiconproject.com/beacon/d/65c737dd-5580-44d2-904c-d560a0211d98?oo=0&accountId=17210&siteId=290974&zoneId=1460228&sizeId=55&e=6A1E40E384DA563B6386CD67A960291DD7D04A54DF704D69E11DF0F2FB22F8984C838E2BDF431F4A69D559831423C8565ABF4BC26238BE182B3BEF3BDDC4F2DCB39FB19D0B59842193D6B51B7FA0AE1463AF685AF18256F3705059EF4D5C2D87D36E70E082DA4FC5E05D5E1F62C9C736E1501A5C29ACF5C995BCEA9A1A431B34
Requested by
Host: runwaff.com
URL: https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=45f743aa437f6100320c20fa469f3dc93&cb=6458491637997919633
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::77 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/avif
Cache-Control
private, max-age=0, no-cache
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
01 Jan 1970 10:00:00 GMT
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame 5157 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6954
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EFynI9kxE%2FaDbgkRQpe1sN%2BhEAixI0XdWOFuFhQ853WUOfH06wg4pm4RIYtGjlAAmMKPx1irWAnr26KRm6NlRyw1hYzVvww0FGiAPfZtWs5qIiKZUFXoQrdq8jwKkKOgfWU%2ByJkSMa2Xf9ZHC8BjqcD9Aw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f3f2ebd1f15-FRA
p.js
runwaff.com/ Frame 5157 		143 B
385 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
9a306222f2fdeac0c8a817680a331631db2d99984c06f8cf8b210e26e84f1572

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=4e0ac44bc5a2e0e5c22c8af2178591cf3&cb=4919941637997919647
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
143
x-amz-cf-id
oJSjxKLyoQJ1PVqOr6L4ty1YvhPpLVslrTjDEC97na42-b3ERlgusw==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame EFC1 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiM2FjZTdmYmYtZjU5Yy00MDdmLTg2MTYtOGM4NTdjNGEzZDg1IiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkNSSVRFTyJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiQURGT1JNIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fSx7InBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJzaXplcyI6W3sid2lkdGgiOjAsImhlaWdodCI6MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTc3MjcyNDBfYnVoZ2FsdGVyOTExLmNvbV9yb3NfOTcweDkwIiwiaWQiOiIxM2JjODlkOWU1YjFlMWUiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6MTg0LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTc3MjcyNDBfYnVoZ2FsdGVyOTExLmNvbV9yb3NfOTcweDkwIiwiaWQiOiIxM2JjODlkOWU1YjFlMWUiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6MTg0LCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=3ace7fbf-f59c-407f-8616-8c857c4a3d85&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
prebid
ib.adnxs.com/ut/v3/ Frame 9353 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
39aec506cae81ef988c4490c41ade606205484a739a3e6f68e9b47f4e19f7577
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
34bd573b-14cd-4fa6-931f-0c5a38ef613d
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
prg.smartadserver.com/prebid/ Frame 9353 		860 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
8b230f7611d58ad583cc50b2fffe6e9eafd2bad567f0b09a5fd2363c0645c1af

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b11%3b101
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
translator
hbopenbid.pubmatic.com/ Frame 9353 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:19 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
/
adx.adform.net/adx/ Frame 9353 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPWEzYzczZjdjLTU4MDMtNGQzMS04MmI5LWU5MmU3MzkyZWFjYg%3D%3D&pt=gross&stid=93b8b7a7-49d8-4e6d-a156-63e2c5720c4c&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
cdb
bidder.criteo.com/ Frame 9353 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=50398178129
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame 9353 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=a3c73f7c-5803-4d31-82b9-e92e7392eacb&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.26844180438714416
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
1e6b3f15f7a38a532c46f7bc29b8762c0ccab14c6e3644e2e3032a8cefd631e8

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame DE4F 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
date
Fri, 26 Nov 2021 12:48:06 GMT
expires
Sat, 26 Nov 2022 12:48:06 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
67035
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
runner.html
tpc.googlesyndication.com/sodar/sodar2/224/ Frame F1B2 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5029
date
Fri, 26 Nov 2021 22:14:12 GMT
expires
Sat, 26 Nov 2022 22:14:12 GMT
last-modified
Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
33069
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame F52E 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ab4aff3d13c8faaaf046472d83c33f2f3b00f8eef7278068d8946a8ed4bd8aa5
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Gyoj9ixn+o7MWqwzX+ddvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Sat, 27 Nov 2021 07:25:21 GMT
date
Sat, 27 Nov 2021 07:25:21 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-Gyoj9ixn+o7MWqwzX+ddvw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
512
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
tap.php
pixel.rubiconproject.com/ Frame 0FB3
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/5-5jQ4dA754liaWnHPx63w?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5606672386949604279
0
0
token
token.rubiconproject.com/ Frame 0FB3 		0
0
709414.gif
id.rlcdn.com/ Frame 0FB3 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id.rlcdn.com/709414.gif
Requested by
Host: runwaff.com
URL: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
token
token.rubiconproject.com/ Frame 0FB3 		0
0
token
token.rubiconproject.com/ Frame 0FB3 		0
0
tap.php
pixel.rubiconproject.com/ Frame 0FB3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEOiNTdOpjigiaIPTWtJ4p_s&google_cver=1
0
0
tap.php
pixel.rubiconproject.com/ Frame 0FB3
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=9f1a61a1-dd60-4800-a0e8-eba924af4396&expires=28
0
0
rubicon
match.adsrvr.org/track/cmf/ Frame 0FB3 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Requested by
Host: runwaff.com
URL: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
PugMaster
image6.pubmatic.com/AdServer/ Frame 8705 		0
39 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=90747078&p=155495&s=631669&a=2450426&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-length
0
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame 5AE5 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:21 GMT
usync.html
eus.rubiconproject.com/ Frame 05FB 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Nov 2021 07:25:21 GMT
Connection
keep-alive
Vary
Accept-Encoding
1a
i.clean.gg/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.17.4 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://runwaff.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx/1.17.4
date
Sat, 27 Nov 2021 07:25:21 GMT
access-control-allow-origin
*
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-max-age
1728000
content-type
text/plain; charset=utf-8
content-length
0
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
1a
i.clean.gg/ Frame 525D 		0
15 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Requested by
Host: d2849lw36e7cot.cloudfront.net
URL: https://d2849lw36e7cot.cloudfront.net/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.17.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 google
server
nginx/1.17.4
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
/
ads.projectagoraservices.com/ Frame 7DA2 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Requested by
Host: smarttag.rubiconproject.com
URL: https://smarttag.rubiconproject.com/a/17210/290974/1460228-55.js?&cb=0.6740972480427792&tk_st=1&rp_s=c&p_screen_res=1600x1200&ad_slot=290974_55&rp_secure=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba2a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, no-store, must-revalidate
content-length
1163
expires
Sat, 27 Nov 2021 07:25:21 GMT
7c50c40a-9d5b-4a82-a35f-68230bb4637a
beacon-ams3.rubiconproject.com/beacon/d/ Frame 7DA2 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon-ams3.rubiconproject.com/beacon/d/7c50c40a-9d5b-4a82-a35f-68230bb4637a?oo=0&accountId=17210&siteId=290974&zoneId=1460228&sizeId=55&e=6A1E40E384DA563BD890933C19D8CC2C111D60A1EAB1105D1FFD6769881DC03791B21B7E6D988FC6BD6D37A9C21553EBFE5D718BBE08EF1C36A19FB38C82EB0BE070FA7C1571325093D6B51B7FA0AE1463AF685AF18256F3705059EF4D5C2D87D36E70E082DA4FC5E05D5E1F62C9C736E1501A5C29ACF5C995BCEA9A1A431B34
Requested by
Host: runwaff.com
URL: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=29432f3564089b7a90cba53693d3a59b1&cb=0948231637997919649
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::77 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:20 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
Content-Type
image/avif
Cache-Control
private, max-age=0, no-cache
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Expires
01 Jan 1970 10:00:00 GMT
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame 2BEE 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6954
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S41yUK%2FuXBJjT6%2Bxu8AfFeF6gJdtlFHvZ3vi%2BSoLTmlpKPnt4ag5x79xkpt7GgGOfcineA6Yuh1wbF875kkF0WI%2FaKd4S86605kBcrmc8l3WUDQhYTV5I2dYZsUPbjacufZFhb%2F3Z5FgCGfhmLVLDvEhdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f400fb91f15-FRA
p.js
runwaff.com/ Frame 2BEE 		143 B
384 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
4d8a85e52c83c5c0e190516967d1ab0cf08bcb6d895c3941de9b1124d99de932

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=69ea1948c62a33cfec0ab584a19243e31&cb=0876431637997919643
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
143
x-amz-cf-id
taeYmBn_MmRUMpsE9Lj_JectDwOmszwAUj0bmEdg6rVHzIifaqaEBw==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame 75C2 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiY2Y3YmI4NDgtZjhmMS00MGQxLWE3NmYtYzg3ZDVkZTFhMzlhIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiUFVCTUFUSUMifSx7ImJpZGRlciI6IkNSSVRFTyJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiQURGT1JNIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19LHsicGxhY2VtZW50Q29kZSI6IjE3NzI3MjQwX2J1aGdhbHRlcjkxMS5jb21fcm9zXzk3MHg5MCIsInNpemVzIjpbeyJ3aWR0aCI6MCwiaGVpZ2h0IjowfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzOWY0Yjg2YTU2NzY5ZSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjoxOTgsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzOWY0Yjg2YTU2NzY5ZSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjoxOTgsImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=cf7bb848-f8f1-40d1-a76f-c87d5de1a39a&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
v1
prg.smartadserver.com/prebid/ Frame 9EFF 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e5e69d81e4b5b164b36a059fdf3f17b67b1fde6e611f3c88283d771a98468668

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b11%3b66
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
/
adx.adform.net/adx/ Frame 9EFF 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5NiZ0cmFuc2FjdGlvbklkPTQ5YjU5ZmU0LTUwNTUtNGE3ZS05NmNjLWMyNmQxZGUyZDY4Mg%3D%3D&pt=gross&stid=512c604b-7b88-4741-ab78-bed2dd5abda4&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
cdb
bidder.criteo.com/ Frame 9EFF 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=58318118214
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
prebid
ib.adnxs.com/ut/v3/ Frame 9EFF 		144 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
8c91869779c5114eba9df5eb2de39a2731845fde9bc663a78edaa9482f8b3a47
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
1e3de8d5-7529-412b-8857-1b7de48a9939
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
144
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ttj
secure.adnxs.com/ Frame 02A1 		0
805 B 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/ttj?ttjb=1&bdc=1637997921&bdh=Ghyz_csL_H0eWsheMmllQ0FTJi0.&&bdref=https%3A%2F%2Fbuhgalter911.com%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fbuhgalter911.com%2F,https%3A%2F%2Frunwaff.com%2Fsync%3Fi%3Drf07l732vciakgacx3n4%26a%3Df9cc45838f4c29b5f9349ce01f9beb869%26cb%3D3930431637997919638,https%3A%2F%2Frunwaff.com%2Fsync%3Fi%3Drf07l732vciakgacx3n4%26a%3Df9cc45838f4c29b5f9349ce01f9beb869%26cb%3D3930431637997919638&&id=17450242
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=17450242
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.36 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
692.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 692.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
744e7401-808f-43de-b5be-3c2710dc5591
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame 6F82 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:21 GMT
7.0a035390359aab65eb82.js
load.sumo.com/ 		97 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/7.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
CJCF7CW3MV8N7Q6G
cdn-cachedat
08/11/2021 03:14:52
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
CNkELBse4Y593KQCSQRX1oicsKF7scX+YJuwfC6ldz4XD7H1DIWNNU10iOgfiLXPokfuDShuseU=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:47 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
4ce9bd1ff08829ea1e8cfcf531e60bdc
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
4.0a035390359aab65eb82.js
load.sumo.com/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/4.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
N4YGPYHRDAC7QXZH
cdn-cachedat
08/11/2021 01:00:42
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
ZyN3peb0mEdiK4szAABWta3Npp/s6aFp7SGneDOBlLz3RaDSa8Ho9RodM0lRLwgOOWsqwAYTQsw=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:24 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
125625e8ee2d4cb71cd8986de13a4aee
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
2.0a035390359aab65eb82.js
load.sumo.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/2.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
YBS2XEB4GWK751DG
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
2021-10-05 11:42:59
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
N3Y+yWqjjd2CeAmbI5PBHgxAlF7pQQeYSH4+m+LUfa803cIHT/G0Acg0Fd5ve7gBOYqGi2VZPms=
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:08 GMT
server
BunnyCDN-DE1-756
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
880e26f613a71fe5e14ad4dee356f425
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
10.0a035390359aab65eb82.js
load.sumo.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/10.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
MER4KM6F7Q2JNQ5W
cdn-cachedat
08/11/2021 07:29:34
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
E5dcQp/o1cIppfojsowKVOXW7ZUiiNp7ocDAMKJh6oiooddIklNQ5UOgh1R9uM2pZdkJYmHadl8=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:43:54 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
3749152972491a255fbc2440c17de427
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
22.0a035390359aab65eb82.js
load.sumo.com/ 		92 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/22.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
SDRMZCHBH8JCG4EW
cdn-cachedat
08/11/2021 01:39:03
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
Mh4g/5w6u8Sn3oSvTIRlHjXYmlpmbUcVAuUhwYOrgj1kCeipGQke7R0i5izHPL985rLtaJBDcAk=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:10 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
35ad36bd72757af6c445f00c1c4c094a
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
23.0a035390359aab65eb82.js
load.sumo.com/ 		329 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/23.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
9XQCP7NW3WVDSYTB
cdn-cachedat
08/11/2021 03:15:25
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
ld40Pz0CH+lzXng12qFYRohEmnjI9dEBceKZ2sX+7mdR6hnYe912+QkcLiFlJd9TnthnETGE3YM=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:10 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
f8d8ca4ac6fe4d9e26cd2b869b5764ed
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
21.0a035390359aab65eb82.js
load.sumo.com/ 		179 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/21.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
PC6V8XNR7Q61HHSG
cdn-cachedat
08/11/2021 04:57:29
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
ZHXqsNODWdp8QMufVJkeNZ8Xe+OkUm7aygEJNy5f/FZIdtn7oJxkd0gh20eHC6PhK+QjRbS0Qac=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:09 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
b0804f09af49746c2ae54bb802d27606
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
64.0a035390359aab65eb82.js
load.sumo.com/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/64.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
HA5WXKDDR49J14S5
cdn-cachedat
08/11/2021 02:58:39
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
tdwIiEVSoIoFjCT91hbXGtcKx2WNNGkRfehwR63674L7CkYizIxkDrZIK4AWzM2dkDrPOU4IpNM=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:44:44 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
14ed5f5ee5afd242abc0b20d247e3e86
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
adfetch
googleads.g.doubleclick.net/pagead/ Frame 04AF 		101 KB
37 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Requested by
Host: d2849lw36e7cot.cloudfront.net
URL: https://d2849lw36e7cot.cloudfront.net/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bf13ec800c27643c12ab5bee0864d4b6220f6e3830a98f5f17efa779624506f7
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPCv-uGBuPQCFfMS0wodEu4LJw&gqi=Yd2hYbK-FL6Dx_APyJS1mAc&layout=/sadbundle/%24csp%253Der3%24/50141695197413260/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPCv-uGBuPQCFfMS0wodEu4LJw&gqi=Yd2hYbK-FL6Dx_APyJS1mAc&layout=/sadbundle/%24csp%253Der3%24/50141695197413260/index.html
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Sat, 27 Nov 2021 07:25:21 GMT
server
cafe
content-length
37913
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
xbfe_backfill.js
googleads.g.doubleclick.net/pagead/ Frame 525D 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Requested by
Host: d2849lw36e7cot.cloudfront.net
URL: https://d2849lw36e7cot.cloudfront.net/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5ff572b0d1ea0fa4cc55e9299e513463b3e4335320fd698cc6cbc0b07264fc39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 06:50:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2095
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5715
x-xss-protection
0
server
cafe
etag
1413802276024173899
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 27 Nov 2021 07:50:26 GMT
v1
a3165.casalemedia.com/impression/ Frame 525D 		43 B
302 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a3165.casalemedia.com/impression/v1?bidID=8dd2184f-6eef-4b13-a671-1d06aae97ab8&traceID=c6gtqo1ap78od0orsle0&dspID=85&userID=&cmpro=0&ap=2.46
Requested by
Host: d2849lw36e7cot.cloudfront.net
URL: https://d2849lw36e7cot.cloudfront.net/script.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.170.61.66 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
Apache
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=99
Content-Length
43
Expires
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 525D 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-CN2jQMP_6kZrLSaO1IblIRE5oBd8vkBVqe7y4ycbQEPaMxkvvD4tEcxAwrY7vDl0CwMyPxfscCNVd8EKNBDWeYZiksdHIt-loJEJ78ekXb_8o02BE&pr=13:YaHdYAAAAAANsd7TZBKDDHZvowwofXYHlG0Bpg
Requested by
Host: d2849lw36e7cot.cloudfront.net
URL: https://d2849lw36e7cot.cloudfront.net/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame CDCA 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6954
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1BAIySu0rMizEu6BxpTJwg3dnvPAoFDeBaEj9GACkQaQ2ET%2BwfNVwgXTqOy9ERAgLNAKD5%2FUUbO6HHVyI2CgC%2FThA4CEqhhPm5DSvSUSQVeUPIOhQlrHgdH8R%2FBspkXnDgiiLV1o2OPQAmExNp2x75dTCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f4058021f15-FRA
p.js
runwaff.com/ Frame CDCA 		141 B
384 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
a58b7ae9f8842735fad3c9bd9701ac0f552b1cec6cf5d0a1adba35e82c11eec2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
141
x-amz-cf-id
mN1UNuuBWwZfrj0y_QTmI7qjdigiHLno9ZUkvrZu0XgWu0LnlfzZIg==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame 9353 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiOTNiOGI3YTctNDlkOC00ZTZkLWExNTYtNjNlMmM1NzIwYzRjIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiJ9LHsiYmlkZGVyIjoiUFVCTUFUSUMifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJSVUJJQ09OIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19LHsicGxhY2VtZW50Q29kZSI6IjE3NzI3MjQwX2J1aGdhbHRlcjkxMS5jb21fcm9zXzk3MHg5MCIsInNpemVzIjpbeyJ3aWR0aCI6MCwiaGVpZ2h0IjowfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzMTdhNThkYTQzMzBjZiIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjo4NSwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIiwicGxhY2VtZW50Q29kZSI6IjE3NzI3MjQwX2J1aGdhbHRlcjkxMS5jb21fcm9zXzk3MHg5MCIsImlkIjoiMTMxN2E1OGRhNDMzMGNmIiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAsInNpemUiOnsid2lkdGgiOjAsImhlaWdodCI6MH0sInRpbWVUb1Jlc3BvbmQiOjg1LCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=93b8b7a7-49d8-4e6d-a156-63e2c5720c4c&part=0&on=0
Requested by
Host: runwaff.com
URL: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=2c45d680c8d9a2cffdd1744fb7e4ad1a7&cb=7911121637997919640
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
usync.js
eus.rubiconproject.com/ Frame 001D 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Nov 2021 00:01:00 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=11189
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9512
Expires
Sat, 27 Nov 2021 10:31:50 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=2&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=979347940&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997921%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072521%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997921&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
last-modified
Sat, 27-Nov-2021 07:25:21 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:21 GMT
AdDisplayTrackerServlet
aktrack.pubmatic.com/AdServer/ Frame 9F2D 		0
61 B 		Document
General
Check archive.org
Download Go to
Full URL
https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=155495&siteId=631669&adId=2450426&adType=3&adServerId=165&kefact=0.300000&kaxefact=0.300000&kadNetFrequecy=0&kadwidth=728&kadheight=90&kadsizeid=0&kltstamp=1637997921&indirectAdId=2210501&adServerOptimizerId=1&ranreq=0.9368814030214252&kpbmtpfact=0.000000&dcId=3&tldId=0&passback=30&svr=ADS23006U&adsver=_3010998657&adsabzcid=0&cls=ADS&ekefact=Yd2hYUggAACNyytngEri7XpvxHJtH9rbD5MXroKzpC970XMA&ekaxefact=Yd2hYV8gAAB72bd9-js17869Mes9uXhaERp8fiIlzGCNsXA_&ekpbmtpfact=Yd2hYXQgAABgUCcRi_g82k6eNIsrErv2qiUcI5dVrksqg8uw&enpp=Yd2hYYggAAAeFed0hLgDM02U7In7ysUD5AhxI_BNA4m79oHX&pfi=1&dc=lhr19&crID=0&campaignId=0&isRTB=0&imprId=98744631-EC67-44C9-B2BE-AEE6E1427674&oid=98744631-EC67-44C9-B2BE-AEE6E1427674&cntryId=167&domain=buhgalter911.com&sec=1&pmc=0&pAuSt=2&wops=0&sURL=buhgalter911.com&BrID=5
Requested by
Host: runwaff.com
URL: https://runwaff.com/sync?i=rf07l732vciakgacx3n4&a=f9cc45838f4c29b5f9349ce01f9beb869&cb=3930431637997919638
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

content-type
text/html
content-length
0
date
Sat, 27 Nov 2021 07:25:21 GMT
pav2_3.25.min.js
cdn.projectagora-adtag-library.com/adtag325/latest/ Frame 7DA2 		28 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Requested by
Host: ads.projectagoraservices.com
URL: https://ads.projectagoraservices.com/?id=5905&uref=https%3A%2F%2Fbuhgalter911.com%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 11:44:03 GMT
server
UploadServer
etag
"8100755844a395f0c8f5410e88b91dbf"
vary
Accept-Encoding
x-goog-hash
crc32c=y7PU+g==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdsmg7uHDaju3q7IugIfitMi6YzBIsr0k6bnc1NwV0-ffT5j7EARQAz1bxzwPWdRYSaserIOSeAIyxeTR-256iE
content-length
6858
expires
Sat, 27 Nov 2021 12:25:21 GMT
usync.html
eus.rubiconproject.com/ Frame 2785 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Requested by
Host: runwaff.com
URL: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=29432f3564089b7a90cba53693d3a59b1&cb=0948231637997919649
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Nov 2021 07:25:21 GMT
Connection
keep-alive
Vary
Accept-Encoding
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame 5AE5 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:21 GMT
usync.js
eus.rubiconproject.com/ Frame 05FB 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Nov 2021 00:01:00 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=11189
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9512
Expires
Sat, 27 Nov 2021 10:31:50 GMT
osd.js
www.googletagservices.com/activeview/js/current/ Frame 525D 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: d2849lw36e7cot.cloudfront.net
URL: https://d2849lw36e7cot.cloudfront.net/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5deb856949b841df89e6db17755544b5b2676d44eec02a69f2a0390cde91412c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28046
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547671297158"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:25:21 GMT
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame 6F82 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:21 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame F52E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021111601&jk=3341503723144202&rc=
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame A6C8 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6954
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WuPpL9gCaafDPW3I8YgCaPUKu%2F%2BYQcxCYgHEY2OYJQDsqNvBbrOtY1y79S8CDp4iSKf%2BrrKF2uruWUzQr5H65cDnfQxXy0GTEyzLwDcMNWBG7JjWrA2MfYjZ%2BDHyVkOCuZXKeGLhFNxcWjDyQKtbr7L0Qw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f40f8c41f15-FRA
p.js
runwaff.com/ Frame A6C8 		142 B
385 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=ek66mjf2d5n9fq1bp7qf
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
ec9eb801027be07e73088ea3cdf525b771cda763e962b7595e1288d98da58ca5

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/stats?i=rf07l732vciakgacx3n4&a=ec888e9209980d4eacd18584b9e4ca683&cb=0113061637997919651
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
142
x-amz-cf-id
KUxUIeXxR7DmNSp0Qk_rRzZz4RK5jtvx4sZJF7buZVcEtqZytPsbpA==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame 9EFF 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiNTEyYzYwNGItN2I4OC00NzQxLWFiNzgtYmVkMmRkNWFiZGE0IiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9XSwicmVzcG9uc2VzIjpbXSwid2lubmVycyI6W119fSx7InBsYWNlbWVudENvZGUiOiIxNzQ3NDkxOF9idWhnYWx0ZXI5MTEuY29tX3Jvc183Mjh4OTAiLCJzaXplcyI6W3sid2lkdGgiOjAsImhlaWdodCI6MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTc0NzQ5MThfYnVoZ2FsdGVyOTExLmNvbV9yb3NfNzI4eDkwIiwiaWQiOiI5ZTQ0NDM4NTBmODA5ZiIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjo1OSwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIiwicGxhY2VtZW50Q29kZSI6IjE3NDc0OTE4X2J1aGdhbHRlcjkxMS5jb21fcm9zXzcyOHg5MCIsImlkIjoiOWU0NDQzODUwZjgwOWYiLCJzdGF0dXMiOiJWQUxJRCIsImNwbSI6MCwic2l6ZSI6eyJ3aWR0aCI6MCwiaGVpZ2h0IjowfSwidGltZVRvUmVzcG9uZCI6NTksImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=512c604b-7b88-4741-ab78-bed2dd5abda4&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
pagead2.googlesyndication.com/bg/ Frame DE4F 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 02:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
17460
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13371
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 27 Nov 2022 02:34:21 GMT
prebid.3-25.js
cdn.projectagora-adtag-library.com/prebid325/latest/ Frame 7DA2 		360 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
UploadServer /
Resource Hash
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
last-modified
Mon, 01 Nov 2021 13:47:45 GMT
server
UploadServer
etag
"fa7fdd65f39d0e16a18830e016d93050"
vary
Accept-Encoding
x-goog-hash
crc32c=7nuQoQ==
content-type
text/javascript
x-goog-storage-class
STANDARD
cache-control
private, max-age=18000
accept-ranges
bytes
x-guploader-uploadid
ADPycdvi3g73qtgby1GW7sKMf3gj_hbnOTGpUOWIIPylNeBBYzUrvPoLUnW2WNmuiecNR0aUipS6kdWq842yLP9BHGY
expires
Sat, 27 Nov 2021 12:25:21 GMT
usync.js
eus.rubiconproject.com/ Frame 2785 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&geo=eu&co=nl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Nov 2021 00:01:00 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=11189
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9512
Expires
Sat, 27 Nov 2021 10:31:50 GMT
0.0a035390359aab65eb82.js
load.sumo.com/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/0.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
72BJV4V2M6106661
cdn-cachedat
08/11/2021 06:53:00
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
geN8VZqyqgjzxGHn+iZxJjzqyPacwIfonJ7M/Gfx/SPZ8YbafYphswHvw0hJB5OpVkDQ305Tt6o=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:43:53 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
dec4cf4937ae14ca135d562cf80c8ac6
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
96.0a035390359aab65eb82.js
load.sumo.com/ 		1 MB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/96.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
ETN9Y2CB4JR36VS8
cdn-cachedat
08/11/2021 06:56:51
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
hmfe8ryATIBRescEh6v33eH8sJ61l9gyYCWqjtX5MgK5uVzXNqi4XzjIlkZQAGWsnUd8ANzMelg=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:45:08 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
1a3ccb7b9d68cf053f12d01a3bd98bca
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
97.0a035390359aab65eb82.js
load.sumo.com/ 		221 B
958 B 		Script
General
Check archive.org
Download Go to
Full URL
https://load.sumo.com/97.0a035390359aab65eb82.js
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
cdn-edgestorageid
756
x-amz-request-id
XX71XTHVAZ9WHXF5
cdn-cachedat
08/11/2021 01:00:39
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
IrAr89qZVaMDRwNGV7DkBYLlhQduKqBlKagxiVs2XoSkMpsnw5sFcxxojABTLTuponGysrE/vDc=
server
BunnyCDN-DE1-756
access-control-allow-origin
*
last-modified
Wed, 30 Jun 2021 15:45:09 GMT
cdn-proxyver
1.0
cdn-requestpullcode
200
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=31536000
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cdn-requestid
7fbde147df34c97241bf9ff20a331ee7
cdn-requestcountrycode
NL
cdn-status
200
cdn-requestpullsuccess
True
IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
pagead2.googlesyndication.com/bg/ Frame F1B2 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 02:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
17460
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13371
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 27 Nov 2022 02:34:21 GMT
abg_lite.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 04AF 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:12:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
786
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9475
x-xss-protection
0
server
cafe
etag
15988442915344899701
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:12:15 GMT
window_focus.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 04AF 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e371c9ea0fd636a3ecd29ae5e8413d144d470f77ca4bdda94b6e61ec3b980eb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:12:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
791
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1345
x-xss-protection
0
server
cafe
etag
11377196957905752455
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:12:10 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 04AF 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:25:21 GMT
qs_click_protection.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 04AF 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d165fe5be8abd1e2e92a5f471ba17c9d6721a7ef6ed77b0388763308701926e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:16:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
503
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7279
x-xss-protection
0
server
cafe
etag
7604824147042859696
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:16:58 GMT
l
www.google.com/ads/measurement/ Frame 04AF 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRGSeWX8f_lGMIllgiYVdXwfzacRZnWQ1yOnOFcnUhE-eQCapCYbr0yg4CZ6H9Xy3h7gK82y4ctWZ5wyRNe49osDP9sHQ
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
v1
prg.smartadserver.com/prebid/ Frame 5AE5 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
92596ba6a5faac2bbe8c8e84768d1b31625fe351d6798d6840839ec5d511a24b

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b11%3b66
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame 5AE5 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=cc49755e-cfb9-479f-a8dd-b8b2df8a9c3b&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.4358239200581415
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
be38e9556a88a555d91f5d2284c25686bacdcb285614cfb88db4861bb4c3c402

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
/
adx.adform.net/adx/ Frame 5AE5 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPWNjNDk3NTVlLWNmYjktNDc5Zi1hOGRkLWI4YjJkZjhhOWMzYg%3D%3D&pt=gross&stid=70bc8935-1fc4-4584-8d15-ee104491b55c&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
translator
hbopenbid.pubmatic.com/ Frame 5AE5 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cdb
bidder.criteo.com/ Frame 5AE5 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=17047094850
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
prebid
ib.adnxs.com/ut/v3/ Frame 5AE5 		19 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
3c43dd8b5f8d1028a9069b96de49eb9031bf0a5660164038537d8c5caa1b8029
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
cdc2124b-b441-484c-b976-a0b632dd0e1a
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/ Frame 840B 		81 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e773274d2bf81b8f48ad8c5556d2abc2adcf8aa713516eaaef5f533eff73231d
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Fri, 26 Nov 2021 08:05:27 GMT
expires
Sat, 26 Nov 2022 08:05:27 GMT
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
19752
age
83994
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
adview
googleads.g.doubleclick.net/pagead/ Frame 04AF 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=CV3AzYN2hYdn7F86T-waW4qfACL_0tJZlnsOa-NkNkPqJ50cQASC35YQhYJEEoAGmuJPrAsgBCakCf0-26Wnwsj6oAwHIA0iqBNYBT9AYef7xRKXYATz4q6eMTMNJya4WVf-KH_Q9w4lFs9T4PiO32QxudSHRhmQAVzV7f1iNFDGdkJ5VvAp1GuYCQh1S7KmsXc8VAu3e5eRdby5Bb1jxeocWrD9VAnk75tNK2yQcVLdb7xgjLPLwmTY7w2pgQlkASYqzHKlVk77GqMJmw_PziyvDY89ELzIpIuCTrcw_X2F6_fxQvgkW92-dDo0Tov_bwJRTnNETp-koEvk9NsaTTDiHjK7F5ymKnAIRPdMnzPGXM7wme6W3on_sc4RA8h6tuMAE55C1zbwDkgUECAQYAZIFBAgFGASgBi6AB8LH7JQBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDSCAcIgGEQARgA8ggNYmlkZGVyLTQzNjI4NYAKBMgLAdgTDYgUAtAVAYAXAbIXCAoGCAASABgA&sigh=l5ugBTKMY9c&uach_m=[UACH]&pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q&template_id=419&vis=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 27 Nov 2021 07:25:21 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
iev
csm.nl.eu.criteo.net/ Frame 68E0 		0
0
tap.php
pixel.rubiconproject.com/ Frame 05FB
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YaHdYAAHnHYSWQAz
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YaHdYAAHnHYSWQAz
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
20e8391fc78a9019eb67dba4b22f0ac2
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
via
1.1 varnish
server
Varnish
x-timer
S1637997922.677596,VS0,VE0
x-served-by
cache-ams21043-AMS
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YaHdYAAHnHYSWQAz
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
usermatch.gif
beacon.krxd.net/ Frame 05FB
Redirect Chain
  • https://pixel.rubiconproject.com/token?pid=27384
  • https://beacon.krxd.net/usermatch.gif?partner=rubicon&partner_uid=KWHHO1UB-X-G6J7
0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=rubicon&partner_uid=KWHHO1UB-X-G6J7
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
H2
Server
52.30.98.117 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:21 GMT
cache-control
private, no-cache, no-store
x-request-time
D=41 t=1637997921
x-served-by
beacon-n020-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://beacon.krxd.net/usermatch.gif?partner=rubicon&partner_uid=KWHHO1UB-X-G6J7
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 05FB
Redirect Chain
  • https://pixel-a.sitescout.com/dmp/pixelSync?nid=1
  • https://pixel.rubiconproject.com/tap.php?v=7430&nid=2238&put=no-consent&expires=360&gdpr=1&gdpr_consent=
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7430&nid=2238&put=no-consent&expires=360&gdpr=1&gdpr_consent=
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
8eb2d9eeed9b9c468975d0ba24565e5b
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:20 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://pixel.rubiconproject.com/tap.php?v=7430&nid=2238&put=no-consent&expires=360&gdpr=1&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
tap.php
pixel.rubiconproject.com/ Frame 05FB
Redirect Chain
  • https://i.w55c.net/ping_match.gif?ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=RUBICON&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D30
  • https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=CJmHPDFI1MQS5j5&expires=30
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=CJmHPDFI1MQS5j5&expires=30
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
f72efbd84733ea5ba734e4e8fe0395a3
Content-Type
image/gif

Redirect headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-00eeed23208b59ecc@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=CJmHPDFI1MQS5j5&expires=30
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 05FB
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=${ADELPHIC_CUID}&expires=30
  • https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=2e5b54d5-4f53-11ec-b930-65692a6201a5&expires=30
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=2e5b54d5-4f53-11ec-b930-65692a6201a5&expires=30
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
4f2e9ddc15e6cc2c3861f8e2683d2514
Content-Type
image/gif

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=17149&nid=2861&put=2e5b54d5-4f53-11ec-b930-65692a6201a5&expires=30
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
Apache-Coyote/1.1
Connection
keep-alive
Content-Length
0
X-CI-RTID
2e5b54d6-4f53-11ec-b930-65692a6201a5
tap.php
pixel.rubiconproject.com/ Frame 05FB
Redirect Chain
  • https://um.simpli.fi/rb_match
  • https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=4B7E93DD677B47ACAB218B72935F22E9&expires=365
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=4B7E93DD677B47ACAB218B72935F22E9&expires=365
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
d5a7ef20801cf5cb1ee516b6110e672f
Content-Type
image/gif

Redirect headers

date
Sat, 27 Nov 2021 07:25:21 GMT
x-content-type-options
nosniff
server
nginx
location
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=4B7E93DD677B47ACAB218B72935F22E9&expires=365
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Fri, 26 Nov 2021 07:25:21 GMT
tap.php
pixel.rubiconproject.com/ Frame 05FB
Redirect Chain
  • https://ad.turn.com/r/cs?pid=6
  • https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=3013638483369036960&expires=60&gdpr=&gdpr_consent=
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=3013638483369036960&expires=60&gdpr=&gdpr_consent=
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
Content-Type
image/gif

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=4212&nid=1185&put=3013638483369036960&expires=60&gdpr=&gdpr_consent=
pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
tap.php
pixel.rubiconproject.com/ Frame 05FB
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1164
  • https://pixel.rubiconproject.com/tap.php?v=14240&nid=2676&put=224729157169359204
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=14240&nid=2676&put=224729157169359204
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
0190a17a18f2299b1b85aeb1793e601c
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
nginx
location
https://pixel.rubiconproject.com/tap.php?v=14240&nid=2676&put=224729157169359204
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
adj
bid.g.doubleclick.net/xbbe/creative/ Frame C27B
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/bgd/867523/58678884/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohO...
  • https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohOR8F5K7gsfCEt2oal6h3CvxzoJ...
58 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohOR8F5K7gsfCEt2oal6h3CvxzoJ07WKCEd5bhFMd1iTbZpsAf8GmeoU8U1zr7_cY3vG6VTgDFSBB6udZad6ba76fFGtUzfdPBkR0wNEvkSAKAmf-D8RTfCHlJUkSV4brvElraw5_m-njw9UcmBZkW6vEvQSUz6Ta8OqEO-YYNIdfeRzsPx-i0A6BiitJBpwqFGDei_cn_OrjiLN4EIcAmtvv6t09w4HBGgB4opKRu3MhNC0DFuk07luKZrblUG_VE8NzDI8hSQmgnCH4Fjh2Yc9DKGIEP10Tqr44McGgMIYrVPAepcA24g7Ao8gLjwJbs5Rv5VK_Vw3dnvlnTSzuSvI8JWCVpb2ICJgmG2mKCeNm8H8hVN9GvfcC329lBB_tTGWNYFHd5_jkyIiKMRjm_cX2MM3XOdi5VUgpDRlz5DPpv8WKH3GlW5izjKck2gEn9bZbl80tAxutLxUxVd1NDg0FThLKVm4ZtWBUaS3LNbuBm33rfnHZwXfSLvto2dMzB54dgcA_AB-TEVoJhh6z4dp28PFo0OsNPK7dgt84R17TdfkyX8C2Cq3VmAKx90wWlcrQGMqNVkQSLhTJ6VOqyOMq0nJQXpaZ2cYOvp6iJraadLYaMe3fGToQrjHCGIglBhvy48fkIgZoSiSGgoKY52ekA8oBMbvdfogSO8GoGEju4wsBPHA20O6WXeYRAhbRY8YUn6vr9SmzZjckemkK-rRsk-gYS70QtrikU9VE3_BRMYEyB4krdkVpIjXmNkdupn03yC6eHJQjyzZvPigYZQasZT9LkfMGGWGXIky11oOXlMrHuqu7X2SJ2BNsEwYC3lH3oBiWpgvEoJAJr6wEyKeoHf7Sfa_00JKCMOFK7O-o5yAzy_JasLi8qIkQhLuN63aa5vs_ldIlALCES6AVIj7u-OcoUCB6nJ-mAq1HuLQCSVg9-PYwt6yibcTYl66J-YvdiMJLDrcQ4M9-Oj9WoCU48AaWxOdS3f0YNsMg-6Ryzh5Cf-u1SaOZQ8J1Z3EJGzjpUYvinxDMjjIRwvqGQF7DBjwN8iby6efcEouNksCH2oh5lD6DGEhTNj-LoUxxQA2QIyUcc6329LKhTE1BnVqc8d7ND3dt5PUAYXt3dJHcNGcZEWnz_f5RjN_EbvwC6HXSVRTFHzNMyAl3iDC6OaSmtnIml_yiADd81ul8kepxhG-yN-z1zUMlgonwDQnp_DHbWXMO0xEKMZ85ZnEX3MKvVbEK4ESoRDLSVnzFUZpsxO2vQHQOQ0W6J9vF_wxXAuooCdDXiXmIvVHLJukm9Uz6J2Q3V0ixXw2vMbxjKdJo1iuKpEx40keJynfIJ-ODFvpoUvXiLqLz2d1smxfQJ7SEFuLYWkkKkuzMoOXJbp6TZexzOUXL8mVx96hC72V0vpiJHY2AF3OkXoHXtDGgEgRUZC86aKTOeRwTteBODdCmty0Y1zZlZ-qyajWVGkvSl1wxMOdph6Gtytj1RK6qWEiFvw2b94R1I1e6G9ogelR4oQs4B4RMd324LHc1T_4iE-d_SgFPJv-6Bxd_OaAAb4czjPTPbrO4y7qZSEuq2WWSRf_smGRG6UmxhwRs4zAIpx7S7p2iVqfmhfCT_wXg_mZOn5PrEfaoGP0wqT0dJsh3deYt-xQlU1nu1Y0m8jpsDssvu9ezZVBmOtkvbAc-UcqW3GrtevhC1Q6ZlnXdsXRjI6ojbbc8FlqMtbUJyvDpBFxJjkHVm2r4eVEGV1Vv8UGEUPqHgdWU8oNcli_3isVxf5-jMh8pmgN9C1u5vbKOFhFxvvHZKi_XyStfg_xJL4gDktmr51fXHe1FSMne5EOrgAYS-lb7zSAZGW4vsnrE73Csb7RNGc4mAhXmjvVrCCCi0J7kLAuw2gPkCmJFJJ4xjaL9F_NuCWCrnu-3r4AkyZJqWHr5rZEOz4Ub1Sj6ccStkUBLZ3DMlgsB2mTFsN5ik_NYLfShYISFcFwtWUdJVEcylQWUw4IE_udWNEGDhsmvnu7ui2S0n9O1V9tY8lbhcqYHVkD39JXt3_GKZoFBCvKuLKmEkhZjLH5cpgQm5kNCyq14RnHEUxgWgZxUFkqPTFkYnZ3TkvzFTDjZkg4Bn4mPCUf8GD8dPsxytq7p_DcJX9v3O5TobpR6QXe2bc8h_jRgELraAPCtoNVxS8fGbtwhz9akgwvDMuNmMLhLo3bvWoCIV_4DT2yx4rGVsLmFQ3TtpbXAmChU57jZv5s4j45RxR4AAyeU8-RvxZH5BFkuU8xpsypX119cBYNSX_syRZlx-zzmhiVyUU0H-_uKvt-7XcHWZwtJHUaiWd6vME926k28eFDcnO1sOGaCiUdHjpzpueHcdz2zDf2X7-pZc-pgF5Fjt7q8xmdQ94ilewkBJGgf68gt866RP2ELau4LwjE-u9rDNSMlgymYkFY0amRyQamI2Y13DTT43HG8bedqVIS6TEVRM4HDQNWLxXHNCljiJ3IFRgZWbhqhO_BE66btBwtKOGIpMNPZaeomGgG_vCCD_lhj77ugMDEaKgSwZaNceY6uX5LwjXeAymyEioWSciHS-ilFkeXAVtejEgvbYW1Nar5cV8V1eGc-CG2zUePJtuQtK-NKoRfCYsCAxsq9gGylmzNIsjKjSidfzVAemfIuePIu86zoBZjJdhTBjx3TqT3eitYngVg2CNYCdC_acEim1izZmwOqYKKOjxVTFpVMBgIRrUrSAinji8f1H0rFrM4PcUgOfH2C1Wr3YdmaJzrzS4_oFMLZdzrrEfyg-juCMscxswYsD0iXCRaXRQAd4gN0zUSDhnSyEkOPtGS9n-qMungDkU2faTiKvqdW8IN_j8Ecs567bM8rAFxTgADLScUgb6koGkrMFU8Fw13rXRqAMAiQ3fhvh3GuQxvF1Xh4IKWp8ZgUfJKgCmUcuM3pdGqFfi_0jSp0eQLVSxqcB2WA4TPYuhFpK-abjJKUrWjkQkk9a-QwHxrPjlZZm953NMASeVJQmvekmiV7zBNFrqeo_CmBm_eRFcK3h6XAdsNgJbHSc-3WWA0Be6rL2M-JIOpaOcFuffP67UrNTjbxueYPkFrSY4Re_wjZd6o9QrGZsTwBvZkk6Y_du542jh2XV0wUULdidf8D9VkTlZTZyoiijk3AZ0_MzmdsAD18Hw2HCQjI-Is-qXvYtVNZ452HReRgRz48yEJ-N5ya27lnnMbCDjU9wrbVN-SvGfsdFAteJBF4dEkvHcoYJo5Lg9CACVot2IYExZSM34Ok2k00MhmkC3gKnsOkN0fsijr0yWpJtE5dCVzKtLrRjjAfqSWrnG41tDJEBOMyP2jBZ_x5J1-K8LbRoWCAASEuRoBNblnOiFnE199aJ4zOpeP2AB
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H2
Server
74.125.133.157 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
d47d292f013ca50f500912e6ff178426b03e9cb0bf44ff84fff5d7c2969fbf4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20726
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
x-server-name
app01.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohOR8F5K7gsfCEt2oal6h3CvxzoJ07WKCEd5bhFMd1iTbZpsAf8GmeoU8U1zr7_cY3vG6VTgDFSBB6udZad6ba76fFGtUzfdPBkR0wNEvkSAKAmf-D8RTfCHlJUkSV4brvElraw5_m-njw9UcmBZkW6vEvQSUz6Ta8OqEO-YYNIdfeRzsPx-i0A6BiitJBpwqFGDei_cn_OrjiLN4EIcAmtvv6t09w4HBGgB4opKRu3MhNC0DFuk07luKZrblUG_VE8NzDI8hSQmgnCH4Fjh2Yc9DKGIEP10Tqr44McGgMIYrVPAepcA24g7Ao8gLjwJbs5Rv5VK_Vw3dnvlnTSzuSvI8JWCVpb2ICJgmG2mKCeNm8H8hVN9GvfcC329lBB_tTGWNYFHd5_jkyIiKMRjm_cX2MM3XOdi5VUgpDRlz5DPpv8WKH3GlW5izjKck2gEn9bZbl80tAxutLxUxVd1NDg0FThLKVm4ZtWBUaS3LNbuBm33rfnHZwXfSLvto2dMzB54dgcA_AB-TEVoJhh6z4dp28PFo0OsNPK7dgt84R17TdfkyX8C2Cq3VmAKx90wWlcrQGMqNVkQSLhTJ6VOqyOMq0nJQXpaZ2cYOvp6iJraadLYaMe3fGToQrjHCGIglBhvy48fkIgZoSiSGgoKY52ekA8oBMbvdfogSO8GoGEju4wsBPHA20O6WXeYRAhbRY8YUn6vr9SmzZjckemkK-rRsk-gYS70QtrikU9VE3_BRMYEyB4krdkVpIjXmNkdupn03yC6eHJQjyzZvPigYZQasZT9LkfMGGWGXIky11oOXlMrHuqu7X2SJ2BNsEwYC3lH3oBiWpgvEoJAJr6wEyKeoHf7Sfa_00JKCMOFK7O-o5yAzy_JasLi8qIkQhLuN63aa5vs_ldIlALCES6AVIj7u-OcoUCB6nJ-mAq1HuLQCSVg9-PYwt6yibcTYl66J-YvdiMJLDrcQ4M9-Oj9WoCU48AaWxOdS3f0YNsMg-6Ryzh5Cf-u1SaOZQ8J1Z3EJGzjpUYvinxDMjjIRwvqGQF7DBjwN8iby6efcEouNksCH2oh5lD6DGEhTNj-LoUxxQA2QIyUcc6329LKhTE1BnVqc8d7ND3dt5PUAYXt3dJHcNGcZEWnz_f5RjN_EbvwC6HXSVRTFHzNMyAl3iDC6OaSmtnIml_yiADd81ul8kepxhG-yN-z1zUMlgonwDQnp_DHbWXMO0xEKMZ85ZnEX3MKvVbEK4ESoRDLSVnzFUZpsxO2vQHQOQ0W6J9vF_wxXAuooCdDXiXmIvVHLJukm9Uz6J2Q3V0ixXw2vMbxjKdJo1iuKpEx40keJynfIJ-ODFvpoUvXiLqLz2d1smxfQJ7SEFuLYWkkKkuzMoOXJbp6TZexzOUXL8mVx96hC72V0vpiJHY2AF3OkXoHXtDGgEgRUZC86aKTOeRwTteBODdCmty0Y1zZlZ-qyajWVGkvSl1wxMOdph6Gtytj1RK6qWEiFvw2b94R1I1e6G9ogelR4oQs4B4RMd324LHc1T_4iE-d_SgFPJv-6Bxd_OaAAb4czjPTPbrO4y7qZSEuq2WWSRf_smGRG6UmxhwRs4zAIpx7S7p2iVqfmhfCT_wXg_mZOn5PrEfaoGP0wqT0dJsh3deYt-xQlU1nu1Y0m8jpsDssvu9ezZVBmOtkvbAc-UcqW3GrtevhC1Q6ZlnXdsXRjI6ojbbc8FlqMtbUJyvDpBFxJjkHVm2r4eVEGV1Vv8UGEUPqHgdWU8oNcli_3isVxf5-jMh8pmgN9C1u5vbKOFhFxvvHZKi_XyStfg_xJL4gDktmr51fXHe1FSMne5EOrgAYS-lb7zSAZGW4vsnrE73Csb7RNGc4mAhXmjvVrCCCi0J7kLAuw2gPkCmJFJJ4xjaL9F_NuCWCrnu-3r4AkyZJqWHr5rZEOz4Ub1Sj6ccStkUBLZ3DMlgsB2mTFsN5ik_NYLfShYISFcFwtWUdJVEcylQWUw4IE_udWNEGDhsmvnu7ui2S0n9O1V9tY8lbhcqYHVkD39JXt3_GKZoFBCvKuLKmEkhZjLH5cpgQm5kNCyq14RnHEUxgWgZxUFkqPTFkYnZ3TkvzFTDjZkg4Bn4mPCUf8GD8dPsxytq7p_DcJX9v3O5TobpR6QXe2bc8h_jRgELraAPCtoNVxS8fGbtwhz9akgwvDMuNmMLhLo3bvWoCIV_4DT2yx4rGVsLmFQ3TtpbXAmChU57jZv5s4j45RxR4AAyeU8-RvxZH5BFkuU8xpsypX119cBYNSX_syRZlx-zzmhiVyUU0H-_uKvt-7XcHWZwtJHUaiWd6vME926k28eFDcnO1sOGaCiUdHjpzpueHcdz2zDf2X7-pZc-pgF5Fjt7q8xmdQ94ilewkBJGgf68gt866RP2ELau4LwjE-u9rDNSMlgymYkFY0amRyQamI2Y13DTT43HG8bedqVIS6TEVRM4HDQNWLxXHNCljiJ3IFRgZWbhqhO_BE66btBwtKOGIpMNPZaeomGgG_vCCD_lhj77ugMDEaKgSwZaNceY6uX5LwjXeAymyEioWSciHS-ilFkeXAVtejEgvbYW1Nar5cV8V1eGc-CG2zUePJtuQtK-NKoRfCYsCAxsq9gGylmzNIsjKjSidfzVAemfIuePIu86zoBZjJdhTBjx3TqT3eitYngVg2CNYCdC_acEim1izZmwOqYKKOjxVTFpVMBgIRrUrSAinji8f1H0rFrM4PcUgOfH2C1Wr3YdmaJzrzS4_oFMLZdzrrEfyg-juCMscxswYsD0iXCRaXRQAd4gN0zUSDhnSyEkOPtGS9n-qMungDkU2faTiKvqdW8IN_j8Ecs567bM8rAFxTgADLScUgb6koGkrMFU8Fw13rXRqAMAiQ3fhvh3GuQxvF1Xh4IKWp8ZgUfJKgCmUcuM3pdGqFfi_0jSp0eQLVSxqcB2WA4TPYuhFpK-abjJKUrWjkQkk9a-QwHxrPjlZZm953NMASeVJQmvekmiV7zBNFrqeo_CmBm_eRFcK3h6XAdsNgJbHSc-3WWA0Be6rL2M-JIOpaOcFuffP67UrNTjbxueYPkFrSY4Re_wjZd6o9QrGZsTwBvZkk6Y_du542jh2XV0wUULdidf8D9VkTlZTZyoiijk3AZ0_MzmdsAD18Hw2HCQjI-Is-qXvYtVNZ452HReRgRz48yEJ-N5ya27lnnMbCDjU9wrbVN-SvGfsdFAteJBF4dEkvHcoYJo5Lg9CACVot2IYExZSM34Ok2k00MhmkC3gKnsOkN0fsijr0yWpJtE5dCVzKtLrRjjAfqSWrnG41tDJEBOMyP2jBZ_x5J1-K8LbRoWCAASEuRoBNblnOiFnE199aJ4zOpeP2AB
cache-control
no-cache
content-length
0
server
nginx
sca.17.5.12.js
static.adsafeprotected.com/ Frame 01F5 		80 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.adsafeprotected.com/sca.17.5.12.js
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5e00:8:48e:53c0:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 01 Oct 2021 08:08:31 GMT
content-encoding
gzip
age
4922211
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 19 Aug 2021 16:31:24 GMT
server
AmazonS3
etag
W/"9304f57298c3834ff107ea7ccb547996"
vary
Accept-Encoding
x-amz-version-id
9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via
1.1 b44e2902bb3501d47514e51618f1bda5.cloudfront.net (CloudFront)
cache-control
max-age=315360000
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
VP_RDP7fdR4Ac-gBMaCDaPca4b5gL8Ta2GoLFMD27BoCph50OVkmzg==
translator
hbopenbid.pubmatic.com/ Frame 6F82 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
/
adx.adform.net/adx/ Frame 6F82 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPWRkOTkzZDlkLWRlNzAtNGFkYS1hZTgxLWUzYjgyMTVmMjBjMw%3D%3D&pt=gross&stid=0a521c7f-32d2-4291-893d-15b6ef4db64d&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame 6F82 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=dd993d9d-de70-4ada-ae81-e3b8215f20c3&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.5662968162436322
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
80a74bbdb088413032bd41a6094146d50aa3fe3523ddda65c019a4e56020307f

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
prg.smartadserver.com/prebid/ Frame 6F82 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
b75c28722e8d3372cbdcb0f23360ee8be45499434d9d06e9349d4172f36fb064

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b11%3b101
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
cdb
bidder.criteo.com/ Frame 6F82 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=39012489333
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:21 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
prebid
ib.adnxs.com/ut/v3/ Frame 6F82 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4486265c9c6592ad2e499bcefcd3f91346ddba53966529a36c591209d1e60f7b
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
106325eb-1f30-430e-a406-cc33120cee7d
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame AD80 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Sat, 27 Nov 2021 07:02:16 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
1385
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
prebid
ib.adnxs.com/ut/v3/ Frame 7DA2 		21 KB
13 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
bf2b013d555c6aae7cfc7f81b516e495b028c69ef323ea8a42152bf96e77f650
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
cab5ad96-0a97-423d-b07b-9e09ab57f140
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame 7DA2 		241 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=21034&site_id=292070&zone_id=1489818&size_id=55&gdpr=0&rp_schain=1.0,0!projectagora.com,100489,1,,,&rf=https%3A%2F%2Fbuhgalter911.com%2F&tk_flint=pbjs_lite_v3.25.0&x_source.tid=ceb601c6-22d0-4fef-bc4b-6c20967c221e&p_screen_res=1600x1200&rp_floor=0.01&rp_secure=1&slots=1&rand=0.9969703204412139
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
9f2fb1dd76a1458024902db79689a96b5c5bc34ad48b32bac00a2eaeca5d49cf

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
241
Expires
Wed, 17 Sep 1975 21:32:10 GMT
cdb
bidder.criteo.com/ Frame 7DA2 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=32&wv=3.25.0&cb=75446892606
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
bidder.par.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:21 GMT
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
server
Finatra
timing-allow-origin
*
vary
Origin
/
adx.adform.net/adx/ Frame 7DA2 		5 B
536 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/?rp=4&bWlkPTc2NDI5OCZ0cmFuc2FjdGlvbklkPWNlYjYwMWM2LTIyZDAtNGZlZi1iYzRiLTZjMjA5NjdjMjIxZQ%3D%3D&pt=gross&stid=9db5962f-775b-4f65-bc1e-2d3469b3b826&gdpr=0&gdpr_consent=undefined&fd=1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
5
expires
-1
v1
prg.smartadserver.com/prebid/ Frame 7DA2 		1017 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
44ed1873e1c56b330d1e7314fa768a5835ed04f254c4ed89965dcd13e4b3e237

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
br
vary
Accept-Encoding
x-smrt-d
6%3b11%3b73
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://runwaff.com
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
transfer-encoding
chunked
translator
hbopenbid.pubmatic.com/ Frame 7DA2 		0
57 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://runwaff.com
date
Sat, 27 Nov 2021 07:25:20 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
dt
dt.adsafeprotected.com/ Frame C27B 		43 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=867523&asId=604a6246-d4f1-b993-9424-7a51c4659ca3&tv=%7Bc:v9nzet,pingTime:-3,time:111,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:111,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B106~0%5D,as:%5B106~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.36.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Server-Name
dt40.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/ Frame C27B 		43 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=867523&asId=604a6246-d4f1-b993-9424-7a51c4659ca3&tv=%7Bc:v9nzeu,pingTime:-6,time:112,type:i,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:112,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B107~0%5D,as:%5B107~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:buhgalter911.com*%2Cbuhgalter911.com*%2Cbuhgalter911.com*%2Cf494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com*&br=c
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.36.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Server-Name
dt45.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
css
fonts.googleapis.com/ 		31 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:200italic,300italic,400italic,500italic,600italic,700italic,800italic,900italic,200,300,400,500,600,700,800
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 27 Nov 2021 06:20:08 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 27 Nov 2021 07:25:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 27 Nov 2021 07:25:21 GMT
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter911.com%2F&domain=buhgalter911.com&cw=1&pbt=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://buhgalter911.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
https://buhgalter911.com
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1626
date
Sat, 27 Nov 2021 07:25:21 GMT
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter911.com%2F&domain=buhgalter911.com&cw=1&pbt=1&lsw=1
  • https://mug.criteo.com/sid?cpp=_iaEWHxrRU9pT2R5QWQxemdrcWVXNElISURlR05xSFlhQVNxQVdNNGhaSEdWYWVuRGFJdEpRQk5pZCt0Y3kxSG5GUFFVbjg1NDVTRkdpOHpBVEo4anFoYkVSNkxUTlVDc1I0dTNSM2EwZmljNGRyd0dUd25jcHp6NXZGeE...
438 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=_iaEWHxrRU9pT2R5QWQxemdrcWVXNElISURlR05xSFlhQVNxQVdNNGhaSEdWYWVuRGFJdEpRQk5pZCt0Y3kxSG5GUFFVbjg1NDVTRkdpOHpBVEo4anFoYkVSNkxUTlVDc1I0dTNSM2EwZmljNGRyd0dUd25jcHp6NXZGeEl2UTNzMGZoandxVE00OXY2bExGVU9WV3NwcDRxdHRyMmVHWWZxNkcxZi9KV2FqK0c1RDFQSWVjTkFpVzc5dkpYQXpicGg5T2FITE5LL2Rpb1ZhNTU4K25nMkRiNC9vT0ZuZkx1UXBpNkg3bHdMODluNXUrOWZsMEJCRzVkUEhCaEdxMTU5VHd5cFRaWXdzK3dieTErMkdUWFFMK0VBQT09fA&cppv=2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
d5763fb19662b9f8a45817ae003b59dcdd95e2013432d47f781e4bd03992fa5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:21 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3263
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 27 Nov 2021 07:25:21 GMT
location
https://mug.criteo.com/sid?cpp=_iaEWHxrRU9pT2R5QWQxemdrcWVXNElISURlR05xSFlhQVNxQVdNNGhaSEdWYWVuRGFJdEpRQk5pZCt0Y3kxSG5GUFFVbjg1NDVTRkdpOHpBVEo4anFoYkVSNkxUTlVDc1I0dTNSM2EwZmljNGRyd0dUd25jcHp6NXZGeEl2UTNzMGZoandxVE00OXY2bExGVU9WV3NwcDRxdHRyMmVHWWZxNkcxZi9KV2FqK0c1RDFQSWVjTkFpVzc5dkpYQXpicGg5T2FITE5LL2Rpb1ZhNTU4K25nMkRiNC9vT0ZuZkx1UXBpNkg3bHdMODluNXUrOWZsMEJCRzVkUEhCaEdxMTU5VHd5cFRaWXdzK3dieTErMkdUWFFMK0VBQT09fA&cppv=2
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://buhgalter911.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2042
content-length
541
expires
0
692.json
id5-sync.com/g/v2/ 		213 B
534 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/692.json
Requested by
Host: player.adtelligent.com
URL: https://player.adtelligent.com/prebidlink/ex18958/hb_299506_4723.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.195.5.40 , France, ASN16276 (OVH, FR),
Reverse DNS
p17.id5-sync.com
Software
/
Resource Hash
c32e7afe7f32f85fb3feb8b454861308f376f173668f56cac69ba9d7c5b446fd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://buhgalter911.com
Date
Sat, 27 Nov 2021 07:25:12 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
truncated
/ Frame 04AF 		211 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
242cbc6dab2cdb1f7ad511d17917302d9d0e4a84b6f21b6744571855a90c85d8

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
render_post_ads_v1.html
googleads.g.doubleclick.net/pagead/ Frame 3AA2 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 26 Nov 2021 19:52:10 GMT
expires
Sat, 27 Nov 2021 19:52:10 GMT
content-type
text/html; charset=UTF-8
etag
12223946614886178233
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4980
x-xss-protection
0
age
41591
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
xbfe_backfill.js
googleads.g.doubleclick.net/pagead/ Frame 0049 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5ff572b0d1ea0fa4cc55e9299e513463b3e4335320fd698cc6cbc0b07264fc39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 06:50:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2095
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5715
x-xss-protection
0
server
cafe
etag
1413802276024173899
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 27 Nov 2021 07:50:26 GMT
trk.js
cdn.adnxs.com/v/s/221/ Frame 0049 		85 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adnxs.com/v/s/221/trk.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
5beecaeceee4fae5080c40d2ad96dd7c0b7e5a9bc242fbe2b99ab1276aaaae94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:21 GMT
Content-Encoding
gzip
Age
2150778
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
29240
X-Served-By
cache-lga21934-LGA, cache-ams21063-AMS
Access-Control-Allow-Origin
*, *
Last-Modified
Tue, 02 Nov 2021 09:57:21 GMT
Server
AkamaiNetStorage
X-Timer
S1637997922.928983,VS0,VE0
ETag
"f0105ab6d7d1878d827eb99659d44d8f:1635847041.806544"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Via
1.1 varnish, 1.1 varnish
Expires
Wed, 02 Nov 2022 09:59:04 GMT
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
631954, 1404508
it
fra1-ib.adnxs.com/ Frame 0049 		0
805 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fbuhgalter911.com%252F&e=wqT_3QKMBvBMDAMAAAMA1gAFAQjhuoeNBhCH3v2iq_K_vxoYzMawrdKF7tBZKjYJsrtASYFF8T8Re6WH_I5c7T8ZAAAAIK5H8T8he6WH_I5c7T8psrsJJPS4AjEAAABA4XrEPzCI_rkIOKUVQOUeSGVQtaLLJVjSilZgAGjtyG94qY4FgAEBigEDVVNEkgEDRVVSmAHKB6ABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC6hDgArzVReoCGWh0dHBzOi8vYnVoZ2FsdGVyOTExLmNvbS-AAwCIAwGQAwCYAxegAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURieG9oSElydFIyQWcyZUVwT2xCUU9kYkYwVFcweWJwU25BM2s3X0VnTEZ3cm1VY19qWG9VV3RjTmZGaDR4T2ozM0xrazVFU1RVQTZ0MkJmWEZqMEIzVEFSUkh3JnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzE5MDkyNDQyOTc2MDgxMzAzMTEiCDc4ODI3ODI5KgQzOTQxOgEwwAOsAsgDANgDpZEw4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjEwOS4yMDEuMTQzLjYzqAQAsgQPCAAQARjKByBaKAAwADgCuAQAwATP4I4iyAQA2gQCCAHgBAHwBLWiyyWIBQGYBQCgBb3p3MHqvM-wMcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcriRvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxMTkzNDc2OTM2NzG6Bw8IABAAGAAgADAAONkVQADIB6mOBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH-rsjiggCEAA.&s=7a02ee170a1e705e568682b5cbfd7762b9c337a5
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 -, , ASN (),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:21 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
811ef8a9-670c-40d6-aec7-112f337a5651
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0049 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-B3VOi9G5DKLImWeydKhJ0NOaFspU-6pFvcmEBze-UYgvgUGzF9HeqOHQTRnJsgrj3k7-dNwG_Hu9XXqYdXk6RnEAyQCQ
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:21 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
projectagora-483829-hdb.adomik.com/ Frame 5AE5 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiNzBiYzg5MzUtMWZjNC00NTg0LThkMTUtZWUxMDQ0OTFiNTVjIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IlJVQklDT04ifSx7ImJpZGRlciI6IkFERk9STSJ9LHsiYmlkZGVyIjoiUFVCTUFUSUMifSx7ImJpZGRlciI6IkNSSVRFTyJ9LHsiYmlkZGVyIjoiQVBQTkVYVVMifV0sInJlc3BvbnNlcyI6W10sIndpbm5lcnMiOltdfX0seyJwbGFjZW1lbnRDb2RlIjoiMTc3MjcyNDBfYnVoZ2FsdGVyOTExLmNvbV9yb3NfOTcweDkwIiwic2l6ZXMiOlt7IndpZHRoIjowLCJoZWlnaHQiOjB9LHsid2lkdGgiOjk3MCwiaGVpZ2h0Ijo5MH1dLCJldmVudHMiOnsicmVxdWVzdHMiOltdLCJyZXNwb25zZXMiOlt7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIiLCJwbGFjZW1lbnRDb2RlIjoiMTc3MjcyNDBfYnVoZ2FsdGVyOTExLmNvbV9yb3NfOTcweDkwIiwiaWQiOiIxMzdkNDQ1MjcyZWI0NyIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjoxMjksImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzN2Q0NDUyNzJlYjQ3Iiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAsInNpemUiOnsid2lkdGgiOjAsImhlaWdodCI6MH0sInRpbWVUb1Jlc3BvbmQiOjEyOSwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX0seyJiaWRkZXIiOiJBUFBORVhVUyIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjE0NTg4YjFhMWNkOTMxZCIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjkxNzU0OSwic2l6ZSI6eyJ3aWR0aCI6OTcwLCJoZWlnaHQiOjkwfSwidGltZVRvUmVzcG9uZCI6MjczLCJhZnRlclRpbWVvdXQiOmZhbHNlfV0sIndpbm5lcnMiOltdfX1dfQ%3D%3D&id=70bc8935-1fc4-4584-8d15-ee104491b55c&part=0&on=0
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
/
projectagora-483829-hdb.adomik.com/ Frame 5AE5 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjE0NTg4YjFhMWNkOTMxZCIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAifQ%3D%3D&id=70bc8935-1fc4-4584-8d15-ee104491b55c&won=true
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:21 GMT
Server
nginx
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 840B 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 04:22:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10948
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sun, 28 Nov 2021 04:22:53 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 840B 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:22:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61395
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 27 Nov 2021 14:22:06 GMT
dt
dt.adsafeprotected.com/ Frame C27B 		43 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=867523&asId=604a6246-d4f1-b993-9424-7a51c4659ca3&tv=%7Bc:v9nzgE,pingTime:-2,time:246,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1026,beZ:1027,mfA:1028,cmA:1029,inA:1029,inZ:1032,prA:1032,prZ:1042,si:1050,poA:1051,poZ:1069,cmZ:1069,mfZ:1069,loA:1138,loZ:1140,ltA:1271,ltZ:1271%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:246,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B241~0%5D,as:%5B241~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,sinceFw:219,readyFired:false%7D&br=c
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.36.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Server-Name
dt40.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
23783032
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=3&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=1031567938&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997922%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072521%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997922&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
last-modified
Sat, 27-Nov-2021 07:25:23 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:23 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=4&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=119038902&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997922%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072521%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997922&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
last-modified
Sat, 27-Nov-2021 07:25:23 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:23 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
282 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=5&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=1066653451&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997922%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072521%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997922&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
last-modified
Sat, 27-Nov-2021 07:25:23 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:23 GMT
features
sumo.com/api/site/6d2be4d81a5a639a08733dc6dacd6ce72aad58ca910f75a592b69a1c86e4f2d1/ 		3 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://sumo.com/api/site/6d2be4d81a5a639a08733dc6dacd6ce72aad58ca910f75a592b69a1c86e4f2d1/features?site_id=6d2be4d81a5a639a08733dc6dacd6ce72aad58ca910f75a592b69a1c86e4f2d1
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
X-Sumo-Auth
7v0Rg7TcffEd2zsaJZSojUkY

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
vary
Origin, Accept-Encoding
server
nginx/1.18.0
etag
"-362431178"
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://buhgalter911.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
features
sumo.com/api/site/6d2be4d81a5a639a08733dc6dacd6ce72aad58ca910f75a592b69a1c86e4f2d1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sumo.com/api/site/6d2be4d81a5a639a08733dc6dacd6ce72aad58ca910f75a592b69a1c86e4f2d1/features?site_id=6d2be4d81a5a639a08733dc6dacd6ce72aad58ca910f75a592b69a1c86e4f2d1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.34.133.113 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-133-113.us-west-2.compute.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-sumo-auth
Origin
https://buhgalter911.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

server
nginx/1.18.0
date
Sat, 27 Nov 2021 07:25:22 GMT
access-control-allow-origin
https://buhgalter911.com
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,POST,DELETE
access-control-allow-headers
pragma, x-requested-with, accept, x-sumo-auth, x-sumo-token, content-type
access-control-max-age
2592000
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=_iaEWHxrRU9pT2R5QWQxemdrcWVXNElISURlR05xSFlhQVNxQVdNNGhaSEdWYWVuRGFJdEpRQk5pZCt0Y3kxSG5GUFFVbjg1NDVTRkdpOHpBVEo4anFoYkVSNkxUTlVDc1I0dTNSM2EwZmljNGRyd0dUd25jcHp6NXZGeEl2UTNzMGZoandxVE00OXY2bExGVU9WV3NwcDRxdHRyMmVHWWZxNkcxZi9KV2FqK0c1RDFQSWVjTkFpVzc5dkpYQXpicGg5T2FITE5LL2Rpb1ZhNTU4K25nMkRiNC9vT0ZuZkx1UXBpNkg3bHdMODluNXUrOWZsMEJCRzVkUEhCaEdxMTU5VHd5cFRaWXdzK3dieTErMkdUWFFMK0VBQT09fA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1082
date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
vary
Accept-Encoding
render_post_ads_v1.html
googleads.g.doubleclick.net/pagead/ Frame EF25 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 26 Nov 2021 19:52:10 GMT
expires
Sat, 27 Nov 2021 19:52:10 GMT
content-type
text/html; charset=UTF-8
etag
12223946614886178233
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4980
x-xss-protection
0
age
41592
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
xbfe_backfill.js
googleads.g.doubleclick.net/pagead/ Frame 1395 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5ff572b0d1ea0fa4cc55e9299e513463b3e4335320fd698cc6cbc0b07264fc39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 06:50:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2096
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5715
x-xss-protection
0
server
cafe
etag
1413802276024173899
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sat, 27 Nov 2021 07:50:26 GMT
trk.js
cdn.adnxs.com/v/s/221/ Frame 1395 		85 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adnxs.com/v/s/221/trk.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
5beecaeceee4fae5080c40d2ad96dd7c0b7e5a9bc242fbe2b99ab1276aaaae94

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:22 GMT
Content-Encoding
gzip
Age
2150778
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
29240
X-Served-By
cache-lga21934-LGA, cache-ams21063-AMS
Access-Control-Allow-Origin
*, *
Last-Modified
Tue, 02 Nov 2021 09:57:21 GMT
Server
AkamaiNetStorage
X-Timer
S1637997922.077200,VS0,VE0
ETag
"f0105ab6d7d1878d827eb99659d44d8f:1635847041.806544"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Via
1.1 varnish, 1.1 varnish
Expires
Wed, 02 Nov 2022 09:59:04 GMT
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
631954, 1404509
it
fra1-ib.adnxs.com/ Frame 1395 		0
805 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fbuhgalter911.com%252F&e=wqT_3QKMBvBMDAMAAAMA1gAFAQjhuoeNBhDg_faYs9mY9z8YzMawrdKF7tBZKjYJPL8oQX-h6T8RWm8vxEXJ5T8ZAAAAIK5H8T8hWm8vxEXJ5T8pPL8JJPS4AjEAAABA4XrEPzCI_rkIOKUVQOUeSGVQtaLLJVjSilZgAGjtyG9479YFgAEBigEDVVNEkgEDRVVSmAHKB6ABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC6hDgArzVReoCGWh0dHBzOi8vYnVoZ2FsdGVyOTExLmNvbS-AAwCIAwGQAwCYAxegAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURWdGFHeWpsZURmVXN3bnRYdUhLcHpCYTVJRUcwX09ZbV93Ty1JdFBlWmUwTWp5cVBHd3l1NkxILXVxdWRQdTdBN0UyUVBTVWpZUzliaXVFRG96UU5TekpmNkpRJnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzQ2MDY3MjgwOTM3MjIwNjY2NTYiCDc4ODI3ODI5KgQzOTQxOgEwwAOsAsgDANgDpZEw4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjEwOS4yMDEuMTQzLjYzqAQAsgQPCAAQARjKByBaKAAwADgCuAQAwATP4I4iyAQA2gQCCAHgBAHwBLWiyyWIBQGYBQCgBZiEg6f9quKRc8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcriRvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxMTkzNDc2OTM2NzG6Bw8IABAAGAAgADAAONkVQADIB-_WBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH-rsjiggCEAA.&s=1b0259e7a839b63cd64083167a9111da6ec16ab9
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 -, , ASN (),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
df3fb49f-e12e-40e4-b70b-d83497b9b404
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1395 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=awbid&awbid_b=AKAmf-ByNSdxc1tBs0z4v4CX5vZM3qhk_CKr-ZhiRuzTGPMVgTSqsLQYgdSFqHYuO6Ill2lZa73HgBPYQAimLvhbuel-sY5t1g
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
bid.g.doubleclick.net/xbbe/ Frame 1395 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bid.g.doubleclick.net/xbbe/pixel?d=KAFCYkFLQW1mLUQ5bl9KRnpPZW90Y0dwdWdLSkxTU3FFTUN1cnF2a3EzQ2gxX042QU9hdFk4ZUtPR2Y3MEVSLTllcDd2ZHkxU0VBYWgwVkhoYm05SU9RVmhoSGNoVnA4cUhXX25R&v=APEucNWyYqQuNn3_62KqqiP6Est9aXjW-NAHE8q9NapVVg484UcgBdnUzfmepbV8F6sv4AlIA_7Jzd5N11g5KO5TfoMccVEOOJMTrRxTco6zk90GDygpnpAF4eW1dmFQ_yEDhZs4FPeh4BPIVLVDb16DEE3j7Y41IoE9-Ss6IYwqz_hbyC-KmBceh-yVtpiYdpD7oSf0d5iFzyrQq3sMWEAdlz-dKhj4Pw
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.133.157 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
/
projectagora-483829-hdb.adomik.com/ Frame 7DA2 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiOWRiNTk2MmYtNzc1Yi00ZjY1LWJjMWUtMmQzNDY5YjNiODI2IiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IkFQUE5FWFVTIn0seyJiaWRkZXIiOiJBUFBORVhVUyJ9LHsiYmlkZGVyIjoiUlVCSUNPTiJ9LHsiYmlkZGVyIjoiQ1JJVEVPIn0seyJiaWRkZXIiOiJBREZPUk0ifSx7ImJpZGRlciI6IlNNQVJUQURTRVJWRVIifSx7ImJpZGRlciI6IlBVQk1BVElDIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19LHsicGxhY2VtZW50Q29kZSI6IjE3NzI3MjQwX2J1aGdhbHRlcjkxMS5jb21fcm9zXzk3MHg5MCIsInNpemVzIjpbeyJ3aWR0aCI6OTcwLCJoZWlnaHQiOjkwfSx7IndpZHRoIjowLCJoZWlnaHQiOjB9XSwiZXZlbnRzIjp7InJlcXVlc3RzIjpbXSwicmVzcG9uc2VzIjpbeyJiaWRkZXIiOiJBUFBORVhVUyIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzZmNhNWUxODU3MGQ5ZSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLjY4MDgxOSwic2l6ZSI6eyJ3aWR0aCI6OTcwLCJoZWlnaHQiOjkwfSwidGltZVRvUmVzcG9uZCI6Mjk1LCJhZnRlclRpbWVvdXQiOmZhbHNlfSx7ImJpZGRlciI6IkFQUE5FWFVTIiwicGxhY2VtZW50Q29kZSI6IjE3NzI3MjQwX2J1aGdhbHRlcjkxMS5jb21fcm9zXzk3MHg5MCIsImlkIjoiMTNmY2E1ZTE4NTcwZDllIiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAuNjgwODE5LCJzaXplIjp7IndpZHRoIjo5NzAsImhlaWdodCI6OTB9LCJ0aW1lVG9SZXNwb25kIjoyOTUsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjE0NTM1MTYyZGRhMGZiIiwic3RhdHVzIjoiVkFMSUQiLCJjcG0iOjAsInNpemUiOnsid2lkdGgiOjAsImhlaWdodCI6MH0sInRpbWVUb1Jlc3BvbmQiOjI5OSwiYWZ0ZXJUaW1lb3V0IjpmYWxzZX1dLCJ3aW5uZXJzIjpbXX19XX0%3D&id=9db5962f-775b-4f65-bc1e-2d3469b3b826&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:22 GMT
Server
nginx
/
projectagora-483829-hdb.adomik.com/ Frame 7DA2 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJpZCI6IjEzZmNhNWUxODU3MGQ5ZSIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAifQ%3D%3D&id=9db5962f-775b-4f65-bc1e-2d3469b3b826&won=true
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:22 GMT
Server
nginx
osd.js
www.googletagservices.com/activeview/js/current/ Frame 0049 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5deb856949b841df89e6db17755544b5b2676d44eec02a69f2a0390cde91412c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28046
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547671297158"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:25:22 GMT
async_usersync.html
acdn.adnxs.com/dmp/ Frame C152 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=1119064
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 -, , ASN (),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Wed, 24 Nov 2021 05:35:57 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Sat, 27 Nov 2021 07:25:22 GMT
Age
6559
X-Served-By
cache-lga21983-LGA, cache-ams21083-AMS
X-Cache
HIT, HIT
X-Cache-Hits
1, 35290
X-Timer
S1637997922.263727,VS0,VE0
Vary
Accept-Encoding
rd_log
fra1-ib.adnxs.com/ Frame 0049 		0
805 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fbuhgalter911.com%2F&e=wqT_3QL9J_BM_RMAAAMA1gAFAQjhuoeNBhCH3v2iq_K_vxoYzMawrdKF7tBZKjYJsrtASYFF8T8Re6WH_I5c7T8ZAAAAIK5H8T8he6WH_I5c7T8psrsJJPSpEzEAAABA4XrEPzCI_rkIOKUVQOUeSGVQtaLLJVjSilZgAGjtyG94qY4FgAEBigEDVVNEkgEDRVVSmAHKB6ABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC6hDgArzVReoCGWh0dHBzOi8vYnVoZ2FsdGVyOTExLmNvbS_yAgwKBkhFSUdIVBICOTDyAgwKBVdJRFRIEgM5NzDyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhgKCklGUkFNRV9LRVkSCjE3NjcwMDcwMzDyAqIPCgtQUkVfU0NSSVBUUxKSDzxzY3JpcHQ-KGZ1bmN0aW9uKCl7LyoKCiBDb3B5cmlnaHQgVGhlIENsb3N1cmUgTGlicmFyeSBBdXRob3JzLgogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKKi8KdmFyIGg9dGhpc3x8c2VsZjsvKgoKIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCmZ1bmN0aW9uIGsoYil7a1siICJdKGIpO3JldHVybiBifWtbIiAiXT1mdW5jdGlvbigpe307dmFyIG09UmVnRXhwKCJeaHR0cHM_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmZ1bmN0aW9uIG4oKXt2YXIgYj1oO3ZhciBjPVtdO3ZhciBlPW51bGw7ZG97dmFyIGE9Yjt0cnl7dmFyIGQ7aWYoZD0hIWEmJm51bGwhPWEubG9jYXRpb24uaHJlZiliOnt0cnl7ayhhLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGwpe31kPSExfXZhciBnPWR9Y2F0Y2gobCl7Zz0hMX1pZihnKXt2YXIgZj1hLmxvY2F0aW9uLmhyZWY7ZT1hLmRvY3VtZW50JiZhLmRvY3VtZW50LnJlZmVycmVyfHxudWxsfWVsc2UgZj1lLGU9bnVsbDtjLnB1c2gobmV3IHAoZnx8IiIpKTt0cnl7Yj1hLnBhcmVudH1jYXRjaChsKXtiPW51bGx9fXdoaWxlKGImJmEhPWIpO2E9MDtmb3IoYj1jLmxlbmd0aC0xO2E8PWI7KythKWNbYV0uZGVwdGg9Yi1hO2E9aDtpZihhLmxvY2F0aW9uJiZhLmxvY2F0aW9uLmFuY2VzdG9yT3JpZ2lucyYmYS5sb2NhdGlvbi5hbmNlc3Rvck9yaWdpbnMubGVuZ3RoPT1jLmxlbmd0aC0xKWZvcihiPTE7YjxjLmxlbmd0aDsrK2IpZj1jW2JdLGYudXJsfHwoZi51cmw9YS5sb2NhdGlvbi5hbmNlc3Rvck9yaWdpbnNbYi0KMV18fCIiLGYuaD0hMCk7YT1uZXcgcChoLmxvY2F0aW9uLmhyZWYsITEpO2Y9bnVsbDtmb3IoZT1iPWMubGVuZ3RoLTE7MDw9ZTstLWUpaWYoZz1jW2VdLCFmJiZtLnRlc3QoZy51cmwpJiYoZj1nKSxnLnVybCYmIWcuaCl7YT1nO2JyZWFrfWY9bnVsbDtlPWMubGVuZ3RoJiZjW2JdLnVybDswIT1hLmRlcHRoJiZlJiYoZj1jW2JdKTtjPW5ldyBxKGEsZik7cmV0dXJuIGMuZz9jLmcudXJsOmMuaS51cmx9ZnVuY3Rpb24gcShiLGMpe3RoaXMuaT1iO3RoaXMuZz1jfWZ1bmN0aW9uIHAoYixjKXt0aGlzLnVybD1iO3RoaXMuaD0hIWM7dGhpcy5kZXB0aD1udWxsfTtmdW5jdGlvbiByKCl7dmFyIGI9bigpLGM9Yi5pbmRleE9mKCI_Iik7c2V0VGltZW91dChmdW5jdGlvbigpe3ZhciBlPXZvaWQgMD09PWU_LjAxOmU7aWYoIShNYXRoLnJhbmRvbSgpPmUpKXt2YXIgYT1kb2N1bWVudC5jdXJyZW50U2NyaXB0O2E9KGE9dm9pZCAwPT09YT9udWxsOmEpJiYiNzciPT09YS5nZXRBdHRyaWJ1dGUoImRhdGEtamMiKT9hOmRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoJ1tkYXRhLWpjPSI3NyJdJyk7ZT0iaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0iKyhhJiZhLmdldEF0dHJpYnV0ZSgiZGF0YS1qYy12ZXJzaW9uIil8fCJ1bmtub3duIikrIiZzYW1wbGU9IitlO2E9d2luZG93O3ZhciBkO2lmKGQ9YS5uYXZpZ2F0b3IpZD1hLm5hdmlnYXRvci51c2VyQWdlbnQsZD0vQ2hyb21lLy50ZXN0KGQpJiYhL0VkZ2UvLnRlc3QoZCk_ITA6ITE7ZCYmYS5uYXZpZ2F0b3Iuc2VuZEJlYWNvbj8KYS5uYXZpZ2F0b3Iuc2VuZEJlYWNvbihlKTooYS5nb29nbGVfaW1hZ2VfcmVxdWVzdHN8fChhLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cz1bXSksZD1hLmRvY3VtZW50LGQ9dm9pZCAwPT09ZD9kb2N1bWVudDpkLGQ9ZC5jcmVhdGVFbGVtZW50KCJpbWciKSxkLnNyYz1lLGEuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzLnB1c2goZCkpfX0sMCk7cmV0dXJuIDA8PWM_Yi5zdWJzdHJpbmcoMCxjKTpifXdpbmRvdy5yZmw9ZnVuY3Rpb24oKXtyZXR1cm4gZW5jb2RlVVJJQ29tcG9uZW50KHIoKSl9O30pLmNhbGwodGhpcyk7Cjwvc2NyaXB0PvICyQIKCkVYVFJBX1RBR1MSugI8ZGl2IHN0eWxlPSJwb3NpdGlvbjogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wOiAwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcgc3JjPSJodHRwczovL3BhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tL3BhZ2VhZC9nZW5fMjA0P2lkPWF3YmlkJmF3YmlkX2I9QUtBbWYtQjNWT2k5RzVES0xJbVdleWRLaEowTk9hRnNwVS02cEZ2Y21FQnplLVVZZ3ZnVUd6RjlIZXFPSFFUUm5Kc2dyajNrNy1kTndHX0h1OVhYcVlkWGs2Um5FQXlRQ1EiIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiIHN0eWxlPSJkaXNwbGF5Om5vbmUiPjwvZGl2PvICmgEKDFBPU1RfU0NSSVBUUxKJATxzY3JpcHQgc3JjPSJodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9wYWdlYWQveGJmZV9iYWNrZmlsbC5qcyI-PC9zY3JpcHQ-PHNjcmlwdD4oZnVuY3Rpb24oKSB7cjNweCgnMTc2NzAwNzAzMCcpO30pKCk7PC9zY3JpcHQ-8gLqDwoQSE9TVF9QT1JUX1BBUkFNUxLVD2h0dHBzOi8vZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC9hZGZldGNoP2Fkaz0zNTMyNTkyOTIxJmFkc2FmZT1tZWRpdW0mY2xpZW50PWNhLXB1Yi0zMDc2ODkwMDEyNzQxNDY3JmZvcm1hdD05NzB4OTBfYXMmaXA9MTA5LjIwMS4xNDMuNjMmb3V0cHV0PWh0bWwmdW52aWV3ZWRfcG9zaXRpb25fc3RhcnQ9MSZ1cmw9YnVoZ2FsdGVyOTExLmNvbSZzdWJfY2xpZW50PWJpZGRlci00NjA1MzI3JmhsPW5sJmFjZWlkPU1JVXdZd0JRRjdRQWRoZTBBQWtidEFENVZUUUJaVm8wQVVaYk5BSE1iRFFCd204MEFkSnZOQUVGY0RRQkhuQTBBU3h3TkFFdGNEUUJMM0EwQVRSd05BRkhjRFFCWG5BMEFXeHdOQUZ0Y0RRQmdYQTBBWnR3TkFHcWNEUUJybkEwQWJGd05BR3ljRFFCdDNBMEFiaHdOQUhTY0RRQjNIQTBBZDF3TkFIa2NEUUI2WEEwQWZWd05BSDJjRFFCUlhOQkFkZjJpQUpvLVlnQzd2bUlBaWRDcWdJb1Fxb0NLVUtxQXZSSXFnSXVYS29DX1hpcUF1SjdxZ0lPZmFvQ2c0aXFBbzJLcWdMYW5xb0N6cUNxQXVxanFnSmVwS29DNUtTcUFxYW5xZ0lxcktvQ0hLNnFBaDZ1cWdJcHJxb0NscS1xQW5hd3FnSjVzS29DZ0xDcUFvbXdxZ0s0c0tvQ29yU3FBaXkxcWdMNnRxb0NTTDJxQWtYQXFnS2F3S29DYk1TcUF0VEZxZ0k1eUtvQ1E4aXFBalRMcWdLdHk2b0Mxc3lxQWpIT3FnTGEwS29DeXRLcUFoclVxZ0pIMUtvQ3l0V3FBdG5WcWdJdDFxb0NVdGFxQW5EV3FnSTkxNm9Da05pcUFuX1pxZ0twMmFvQ2V0cXFBdHJhcWdKTjNLb0NZTnlxQWlmZHFnS2ozYW9DNU4ycUFtcmVxZ0tfM3FvQzVkNnFBbWJmcWdMSDM2b0NYLUNxQXQ3Z3FnTGw0S29DU3VHcUFremlxZ0pQNHFvQzV1S3FBbVBqcWdKcjVLb0M5ZVNxQW1ubHFnSjE1YW9Db09XcUFyUGxxZ0xwNXFvQ1plaXFBbmJvcWdLcjZLb0NSZW1xQXFycHFnSzU2YW9DLS1tcUFoTHFxZ0poNnFvQ3BPcXFBZ2phZndpa00xb1AyWkw3RWxuSy14SUd5X3NTZ2RyN0VuamQteEx3NlBzU0ZlcjdFbl9xLXhKQjZfc1NTdXY3RW52ci14SS03UHNTd3V6N0VtZnQteEp2N2ZzU2N1MzdFbFB1LXhMWjd2c1NsbVprRTJkZDBCUDZWbXNhUXNzRUc5Yk90UzQtU2ZwQyZleGs9MTc2NzAwNzAzMCZhd2JpZF9jPUFLQW1mLUJYc0RxOFVlSTZRbVFfQ0NoSG5mVnhLSVo3VEZIdXg0SEFGZ25uODVvWXdRdHNYOFNidEw1THFuYTRkN1M4ZnpIV1l3VXlSVngxdWJYY3BHVzJOZmxNNEd3aVdqbHNsUWZGTEZnbXBoUGtfUGpUeS1tNHQzdVUwUE9ad1NrTVY2bVRqbVpoTWdLMW1JTG9zdFBuRTVTNzN0ZTZKdyZhd2JpZF9kPUFLQW1mLUNJc1dfRXZ2RGZhekJhdU1fazZtdUhlZ3VQOEJLU1pfanRLVFFOZFMwYW80OWprWWdIdVdRMS1yU3lBUHZqMjZfSHNmeXR0YmsxT0hHOWdGSTFFWWFKRDBpR1R2YnN1R2U3UlY4OEFjYzdtdVBEOFB0Vl8tOTNTWXh1eGpBeWJmVFZhN1lWVklpOFN1UG9PTGlBVFBFLThGNkc2eldqdk56QzNPaUtWaW5LWU84Q2laR0NPdG54Q3J2MDdOUFcxeF9ZYzk3a2pFdUF1dTJzWDBWamxSMi1sNkZpcEtUbkkzc1NGc0dhUEYxd2o0TWM5MlViRWV4WTFPT0ZPeXRGbmRYYU8wMEEzS2UyWEhXWEdFTlp3WVFJbFZnOGpmVXZTVTltdXRlM2I3VktlNmpWSGY3MXJiUFlaOV9rNlB2YlY0VURzME56WEJHYmpQWlVYeWxNSmZpQkpOdUN5RjE4aE9RRjAzTnNObGpCZEhYWHF4SmlpUUVGaExydlVWSjdIcWpfaE9uMnpIY0tkLVcwZTRla3RVc2RHc29FQVpmUFQtdzJkZG5oY3c5NmtWWnpvT2lON3FCU3ZqVFFUY05xTGNzeHJWWWxsUFZLVmh0QXhBWG1yYlU4Z2daOUIyZXBjWFl4MHM5cVBrTlpfNV9XZ2JQakxrM1R6SmVvbnZBTXlzODJqd3ZDcFM5WjEwZ3U5azVJbFo2NERzNnl6dE5GMmFRSWx4eFBUU214Z2dkTkpCLVJsWmFsV1VvTlZQVzJRdklTT1VWNlNzUEZXTWxzcllPZER4aWNtdUp4ak03T1FVVzRabk5kUFBhVXZMWlFNVnNZcks5N3FGWlhpUnFFaWFHWmpveXlES0ZCekNkLWlzVFpjSHA1QnN6ZGk4LXYyX0gwVWZKajdHek0yMjN4QXNqMWo5aEtRazVuMEFpSFZzcnVrc1hJJmNpZD1DQUFTQk9Sb0ItUSZhX2NpZD2AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOlkTDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTA5LjIwMS4xNDMuNjOoBACyBA8IABABGMoHIFooADAAOAK4BADABM_gjiLIBADaBAIIAeAEAfAEtaLLJYgFAZgFAKAFvencweq8z7AxwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFyuJG-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAJgHAaAHAaoHDDExOTM0NzY5MzY3MboHDwgAEAAYACAAMAA42RVAAMgHqY4F0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Af6uyOKCAIQAA..&s=949dcf40cda89fbdee65bf03516066cfc00881c4&bdref=https%3A%2F%2Fbuhgalter911.com%2F&bdtop=true&bdifs=3&bstk=https%3A%2F%2Fbuhgalter911.com%2F,https%3A%2F%2Frunwaff.com%2Fasync_usersync%3Fi%3Drf07l732vciakgacx3n4%26a%3Da4e331c3da32aee5583ff393a195111d9%26cb%3D4487211637997919636,https%3A%2F%2Frunwaff.com%2Fasync_usersync%3Fi%3Drf07l732vciakgacx3n4%26a%3Da4e331c3da32aee5583ff393a195111d9%26cb%3D4487211637997919636,https%3A%2F%2Frunwaff.com%2Fasync_usersync%3Fi%3Drf07l732vciakgacx3n4%26a%3Da4e331c3da32aee5583ff393a195111d9%26cb%3D4487211637997919636&
Requested by
Host: runwaff.com
URL: https://runwaff.com/async_usersync?i=rf07l732vciakgacx3n4&a=a4e331c3da32aee5583ff393a195111d9&cb=4487211637997919636
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 -, , ASN (),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
59329df1-a3ac-4161-b172-273e3a456324
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=6&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=801028398&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997922%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072522%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997922&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
last-modified
Sat, 27-Nov-2021 07:25:23 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:23 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=7&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=253807934&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997922%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072522%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997922&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
last-modified
Sat, 27-Nov-2021 07:25:23 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:23 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=8&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=572637189&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997922%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072522%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997922&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
last-modified
Sat, 27-Nov-2021 07:25:23 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:23 GMT
osd.js
www.googletagservices.com/activeview/js/current/ Frame 1395 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/xbfe_backfill.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5deb856949b841df89e6db17755544b5b2676d44eec02a69f2a0390cde91412c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28046
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547671297158"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:25:22 GMT
async_usersync.html
acdn.adnxs.com/dmp/ Frame A153 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=1119064
Requested by
Host: runwaff.com
URL: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=29432f3564089b7a90cba53693d3a59b1&cb=0948231637997919649
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 -, , ASN (),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Wed, 24 Nov 2021 05:35:57 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Sat, 27 Nov 2021 07:25:22 GMT
Age
6559
X-Served-By
cache-lga21983-LGA, cache-ams21083-AMS
X-Cache
HIT, HIT
X-Cache-Hits
1, 35292
X-Timer
S1637997922.287573,VS0,VE0
Vary
Accept-Encoding
rd_log
fra1-ib.adnxs.com/ Frame 1395 		0
805 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fbuhgalter911.com%2F&e=wqT_3QLHLfBMxxYAAAMA1gAFAQjhuoeNBhDg_faYs9mY9z8YzMawrdKF7tBZKjYJPL8oQX-h6T8RWm8vxEXJ5T8ZAAAAIK5H8T8hWm8vxEXJ5T8pPL8JJPRzFjEAAABA4XrEPzCI_rkIOKUVQOUeSGVQtaLLJVjSilZgAGjtyG9479YFgAEBigEDVVNEkgEDRVVSmAHKB6ABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC6hDgArzVReoCGWh0dHBzOi8vYnVoZ2FsdGVyOTExLmNvbS_yAgwKBkhFSUdIVBICOTDyAgwKBVdJRFRIEgM5NzDyAiEKBkxPQURFUhIXcmVuZGVyX3Bvc3RfYWRzX3YxLmh0bWzyAhgKCklGUkFNRV9LRVkSCjE2NDY5Mjk4MjXyAqIPCgtQUkVfU0NSSVBUUxKSDzxzY3JpcHQ-KGZ1bmN0aW9uKCl7LyoKCiBDb3B5cmlnaHQgVGhlIENsb3N1cmUgTGlicmFyeSBBdXRob3JzLgogU1BEWC1MaWNlbnNlLUlkZW50aWZpZXI6IEFwYWNoZS0yLjAKKi8KdmFyIGg9dGhpc3x8c2VsZjsvKgoKIFNQRFgtTGljZW5zZS1JZGVudGlmaWVyOiBBcGFjaGUtMi4wCiovCmZ1bmN0aW9uIGsoYil7a1siICJdKGIpO3JldHVybiBifWtbIiAiXT1mdW5jdGlvbigpe307dmFyIG09UmVnRXhwKCJeaHR0cHM_Oi8vKFxcd3wtKStcXC5jZG5cXC5hbXBwcm9qZWN0XFwuKG5ldHxvcmcpKFxcP3wvfCQpIik7CmZ1bmN0aW9uIG4oKXt2YXIgYj1oO3ZhciBjPVtdO3ZhciBlPW51bGw7ZG97dmFyIGE9Yjt0cnl7dmFyIGQ7aWYoZD0hIWEmJm51bGwhPWEubG9jYXRpb24uaHJlZiliOnt0cnl7ayhhLmZvbyk7ZD0hMDticmVhayBifWNhdGNoKGwpe31kPSExfXZhciBnPWR9Y2F0Y2gobCl7Zz0hMX1pZihnKXt2YXIgZj1hLmxvY2F0aW9uLmhyZWY7ZT1hLmRvY3VtZW50JiZhLmRvY3VtZW50LnJlZmVycmVyfHxudWxsfWVsc2UgZj1lLGU9bnVsbDtjLnB1c2gobmV3IHAoZnx8IiIpKTt0cnl7Yj1hLnBhcmVudH1jYXRjaChsKXtiPW51bGx9fXdoaWxlKGImJmEhPWIpO2E9MDtmb3IoYj1jLmxlbmd0aC0xO2E8PWI7KythKWNbYV0uZGVwdGg9Yi1hO2E9aDtpZihhLmxvY2F0aW9uJiZhLmxvY2F0aW9uLmFuY2VzdG9yT3JpZ2lucyYmYS5sb2NhdGlvbi5hbmNlc3Rvck9yaWdpbnMubGVuZ3RoPT1jLmxlbmd0aC0xKWZvcihiPTE7YjxjLmxlbmd0aDsrK2IpZj1jW2JdLGYudXJsfHwoZi51cmw9YS5sb2NhdGlvbi5hbmNlc3Rvck9yaWdpbnNbYi0KMV18fCIiLGYuaD0hMCk7YT1uZXcgcChoLmxvY2F0aW9uLmhyZWYsITEpO2Y9bnVsbDtmb3IoZT1iPWMubGVuZ3RoLTE7MDw9ZTstLWUpaWYoZz1jW2VdLCFmJiZtLnRlc3QoZy51cmwpJiYoZj1nKSxnLnVybCYmIWcuaCl7YT1nO2JyZWFrfWY9bnVsbDtlPWMubGVuZ3RoJiZjW2JdLnVybDswIT1hLmRlcHRoJiZlJiYoZj1jW2JdKTtjPW5ldyBxKGEsZik7cmV0dXJuIGMuZz9jLmcudXJsOmMuaS51cmx9ZnVuY3Rpb24gcShiLGMpe3RoaXMuaT1iO3RoaXMuZz1jfWZ1bmN0aW9uIHAoYixjKXt0aGlzLnVybD1iO3RoaXMuaD0hIWM7dGhpcy5kZXB0aD1udWxsfTtmdW5jdGlvbiByKCl7dmFyIGI9bigpLGM9Yi5pbmRleE9mKCI_Iik7c2V0VGltZW91dChmdW5jdGlvbigpe3ZhciBlPXZvaWQgMD09PWU_LjAxOmU7aWYoIShNYXRoLnJhbmRvbSgpPmUpKXt2YXIgYT1kb2N1bWVudC5jdXJyZW50U2NyaXB0O2E9KGE9dm9pZCAwPT09YT9udWxsOmEpJiYiNzciPT09YS5nZXRBdHRyaWJ1dGUoImRhdGEtamMiKT9hOmRvY3VtZW50LnF1ZXJ5U2VsZWN0b3IoJ1tkYXRhLWpjPSI3NyJdJyk7ZT0iaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1qY2EmamM9NzcmdmVyc2lvbj0iKyhhJiZhLmdldEF0dHJpYnV0ZSgiZGF0YS1qYy12ZXJzaW9uIil8fCJ1bmtub3duIikrIiZzYW1wbGU9IitlO2E9d2luZG93O3ZhciBkO2lmKGQ9YS5uYXZpZ2F0b3IpZD1hLm5hdmlnYXRvci51c2VyQWdlbnQsZD0vQ2hyb21lLy50ZXN0KGQpJiYhL0VkZ2UvLnRlc3QoZCk_ITA6ITE7ZCYmYS5uYXZpZ2F0b3Iuc2VuZEJlYWNvbj8KYS5uYXZpZ2F0b3Iuc2VuZEJlYWNvbihlKTooYS5nb29nbGVfaW1hZ2VfcmVxdWVzdHN8fChhLmdvb2dsZV9pbWFnZV9yZXF1ZXN0cz1bXSksZD1hLmRvY3VtZW50LGQ9dm9pZCAwPT09ZD9kb2N1bWVudDpkLGQ9ZC5jcmVhdGVFbGVtZW50KCJpbWciKSxkLnNyYz1lLGEuZ29vZ2xlX2ltYWdlX3JlcXVlc3RzLnB1c2goZCkpfX0sMCk7cmV0dXJuIDA8PWM_Yi5zdWJzdHJpbmcoMCxjKTpifXdpbmRvdy5yZmw9ZnVuY3Rpb24oKXtyZXR1cm4gZW5jb2RlVVJJQ29tcG9uZW50KHIoKSl9O30pLmNhbGwodGhpcyk7Cjwvc2NyaXB0PvIC8wYKCkVYVFJBX1RBR1MS5AY8ZGl2IHN0eWxlPSJwb3NpdGlvbjogYWJzb2x1dGU7IGxlZnQ6IDBweDsgdG9wOiAwcHg7IHZpc2liaWxpdHk6IGhpZGRlbjsiPjxpbWcgc3JjPSJodHRwczovL3BhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tL3BhZ2VhZC9nZW5fMjA0P2lkPWF3YmlkJmF3YmlkX2I9QUtBbWYtQnlOU2R4YzF0QnMwejR2NENYNXZaTTNxaGtfQ0tyLVpoaVJ1elRHUE1WZ1RTcXNMUVlnZFNGcUhZdU82SWxsMmxaYTczSGdCUFlRQWltTHZoYnVlbC1zWTV0MWciIGJvcmRlcj0wIHdpZHRoPTEgaGVpZ2h0PTEgYWx0PSIiIHN0eWxlPSJkaXNwbGF5Om5vbmUiPjwvZGl2PjxkaXYgc3R5bGU9InBvc2l0aW9uOiBhYnNvbHV0ZTsgbGVmdDogMHB4OyB0b3A6IDBweDsgdmlzaWJpbGl0eTogaGlkZGVuOyI-PGltZyBzcmM9Imh0dHBzOi8vYmlkLmcuZG91YmxlY2xpY2submV0L3hiYmUvcGl4ZWw_ZD1LQUZDWWtGTFFXMW1MVVE1Ymw5S1JucFBaVzkwWTBkd2RXZExTa3hUVTNGRlRVTjFjbkYyYTNFelEyZ3hYMDQyUVU5aGRGazRaVXRQUjJZM01FVlNMVGxsY0RkMlpIa3hVMFZCWVdnd1ZraG9ZbTA1U1U5UlZtaG9TR05vVm5BNGNVaFhYMjVSJnY9QVBFdWNOV3lZcVF1Tm4zXzYyS3FxaVA2RXN0OWFYalctTkFIRThxOU5hcFZWZzQ4NFVjZ0JkblV6Zm1lcGJWOEY2c3Y0QWxJQV83SnpkNU4xMWc1S081VGZvTWNjVkVPT0pNVHJSeFRjbzZ6azkwR0R5Z3BucEFGNGVXMWRtRlFfeUVEaFpzNEZQZWg0QlBJVkxWRGIxNkRFRTNqN1k0MUlvRTktU3M2SVl3cXpfaGJ5Qy1LbUJjZWgteVZ0cGlZZHBEN29TZjBkNWlGenlyUXEzc01XRUFkbHotZEtoajRQdyIgYm9yZGVyPTAgd2lkdGg9MSBoZWlnaHQ9MSBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6bm9uZSI-PC9kaXY-8gKaAQoMUE9TVF9TQ1JJUFRTEokBPHNjcmlwdCBzcmM9Imh0dHBzOi8vZ29vZ2xlYWRzLmcuZG91YmxlY2xpY2submV0L3BhZ2VhZC94YmZlX2JhY2tmaWxsLmpzIj48L3NjcmlwdD48c2NyaXB0PihmdW5jdGlvbigpIHtyM3B4KCcxNjQ2OTI5ODI1Jyk7fSkoKTs8L3NjcmlwdD7yAooRChBIT1NUX1BPUlRfUEFSQU1TEvUQaHR0cHM6Ly9nb29nbGVhZHMuZy5kb3VibGVjbGljay5uZXQvcGFnZWFkL2FkZmV0Y2g_YWRrPTM1MzI1OTI5MjEmYWRzYWZlPW1lZGl1bSZjbGllbnQ9Y2EtcHViLTMwNzY4OTAwMTI3NDE0NjcmZm9ybWF0PTk3MHg5MF9hcyZpcD0xMDkuMjAxLjE0My42MyZvdXRwdXQ9aHRtbCZ1bnZpZXdlZF9wb3NpdGlvbl9zdGFydD0xJnVybD1idWhnYWx0ZXI5MTEuY29tJnN1Yl9jbGllbnQ9YmlkZGVyLTQ2MDUzMjcmaGw9bmwmYWNlaWQ9TUkwd1l3RGtGYlFBVUJlMEFNWWF0QUQ1VlRRQmpXRTBBZWxzTkFIbGJqUUJaMjgwQWNKdk5BRUZjRFFCSG5BMEFTMXdOQUV2Y0RRQk5IQTBBVWR3TkFGZWNEUUJiSEEwQVcxd05BR0JjRFFCbTNBMEFhcHdOQUd1Y0RRQnNYQTBBYk53TkFHM2NEUUJ1SEEwQWRKd05BSGNjRFFCM1hBMEFlUndOQUhwY0RRQjlYQTBBZlp3TkFGRmMwRUJBWGxCQVlQODJRSFdTdzRDSHgxY0F0UDBpQUxXOW9nQ1dfbUlBaV82aUFJblFxb0NLRUtxQWlsQ3FnTFpScW9DYkZ1cUFpNWNxZ0o5WXFvQ19uaXFBcWVLcWdKYWxLb0NnSnVxQW9HYnFnTHNuYW9DcGFlcUFxS29xZ0pqcXFvQzRhdXFBaXVzcWdLSnJhb0NpcTJxQWg2dXFnSXFycW9DYnEtcUFwYXZxZ0ozc0tvQ2VyQ3FBb0N3cWdLS3NLb0N0clNxQWdxOHFnSkt2YW9DdUwycUFqbkFxZ0pGd0tvQ0o4bXFBaVhNcWdMV3pLb0NlODJxQXB6TnFnSzd6cW9DNHMtcUF2VFBxZ0tDMEtvQ1p0S3FBbXpTcWdMZTBxb0NJdE9xQWtfVHFnSlYwNm9Db3RXcUFzclZxZ0xXMWFvQ2RkYXFBb2JXcWdMYjFxb0M0dGVxQW9UWXFnSS0yYW9DcGRtcUFxN1pxZ0k2MnFvQzJkcXFBcGZjcWdMUjNLb0NKOTZxQXNfZXFnTGwzcW9DeU9DcUFxSGhxZ0xKNGFvQ1RlS3FBbWZpcWdKajQ2b0N6LU9xQWlUa3FnS2c1YW9DNS1XcUFpcm1xZ0oyNktvQ3FlaXFBZ3pwcWdJNDZhb0NXdW1xQWtMcXFnSmg2cW9DaS1xcUFscDFKQVM3VG1VRkI5cF9DTkdHSXdvRDU1OEx6VjhWREtvMW9Bd25SZ0VOd3RpaER2dUVZaEJmblBzU2FhUDdFbUN4LXhKZzBfc1N1OXo3RW5qZC14SkgzX3NTNi1MN0Vnbm8teEpfNmZzUzZldjdFb0hzLXhKbDdmc1NtLTM3RWdydS14STM3dnNTVnVfN0VwVm1aQlBFWE5BVDkxWnJHa1lmckJzLVNmcENSeHNIYWduUzYyNCZleGs9MTY0NjkyOTgyNSZhd2JpZF9jPUFLQW1mLUNwOXRTR3lqdlBlVTluN3ZNR2dNVEpYeHdxclZnWjYyUWl3SU0tT0h4YkhhWC12eUpacUFrRUhVb3BDTnhyNHNYMlFtNEZtRnlGZWhaemZXVHU4V0Y0eU5QMGlDcGRnOUtxbF9Ua2JZbU1mSW8yWkNnTE1qQ0lTNDliXzk1Tm9fVnVqSXZvYWNaSzdKTUJqNlp0TlM4UE1lNnJidyZhd2JpZF9kPUFLQW1mLUJCcmRWTkNteFB2LVVSTFFlVzc4VERkTlNxa2FTSVVqNHItd3RJWnIyNV93TWpxM0U4Z0tmQ1ZvdG92QW9sTFBSZThDeFdkd24wdFZDY2Nma0M5YjZQNGxiMGluM2xHYVpGb0lZMmZNOWk0SGdiam5uTEtNQmFsU2ZRbXpLYzNyelktcGRpRFRGQ0t1ZnRsZGw1RzRlcXg1TTNSTGdtcVdaX3ozZTA0a2FIbnRMTjdXQmlpZEx3MUFMM2xDUElvOUNtR3ZQdjJIeVNDNTNEeHlLYWk1NHVZRmktYzFmSnhHemFSTDh3OWVFWjJPd0d2eVByOUtHUGt4ZVowU0d2dnhZZ1ZFQnBfVGpVUF9rdE9VeWlDbjEtd0RoRmYzM21JTVU1dW9PTWJRYV91OTd3RzhscEFuQXdpN2N3Wmk5aTRla1UxaG5yR1luNk45dnE0QmhDajJSaDhvUkp4YjVCXy1uNno3cGl6cEloSDFoTllBbTJHY0F1OWtXRVJmbWRrMzhWV1V1ZVJxY002WG1VSWdZNFhyel9WbExVY2c4ZWFJdndWeG1Vbzdvank0R0s4QklNRUdjek1Ob2NIay1UbjdoRkNmTFItREhUQ0loZmtzTS1McmhvMEdlZlN0eWc4TUFLTFFhTEtacTJpRXljb3dVcmRXaHN3UXJPam9FZk0yWDVMblpVNFlDNGZmaXNpQjFEMjBTVWF2VmFZQ3U4VkVMcVczV3hCU1N2RWdpTGU1RDhocHhxeW5OM3JNTVd2SU1mYm54YmhjY1U5V0t3V1psbmdvOE1FTlQ4Y2Q1TkF5Y2lWVGtfUFhNczlyRW00MTVKZFYyUlp5WGNFY3RsTGMtQVhZTTdqZlVGemFydlo5OW1mcFhSWWtLd3FzV05sdjdXb25xcUJLSnVRVDZUSGk2YWRTeHBQU0lhYkFYWFRpUjUza3RPJmNpZD1DQUFTRXVSb0o5Ymh2cjJYNWo0LURMOThQVDVNR2cmYV9jaWQ9QUtBbWYtRDluX0pGek9lb3RjR3B1Z0tKTFNTcUVNQ3VycXZrcTNDaDFfTjZBT2F0WThlS09HZjcwRVItOWVwN3ZkeTFTRUFhaDBWSGhibTlJT1FWaGhIY2hWcDhxSFdfblGAAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOlkTDgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTA5LjIwMS4xNDMuNjOoBACyBA8IABABGMoHIFooADAAOAK4BADABM_gjiLIBADaBAIIAeAEAfAEtaLLJYgFAZgFAKAFmISDp_2q4pFzwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFyuJG-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBu6PAdoGFgoQAAAAAAAAAAAAAAAAAAAAABAAGADgBgHyBgIIAIAHAYgHAJgHAaAHAaoHDDExOTM0NzY5MzY3MboHDwgAEAAYACAAMAA42RVAAMgH79YF0gcNCQAAAAAAAAAAEAAYANoHBggAEAAYAOAHAOoHAggA8Af6uyOKCAIQAA..&s=11079693cfef6696b130349b87af04e04f498806&bdref=https%3A%2F%2Fbuhgalter911.com%2F&bdtop=true&bdifs=3&bstk=https%3A%2F%2Fbuhgalter911.com%2F,https%3A%2F%2Frunwaff.com%2Fusersync%3Fi%3Drf07l732vciakgacx3n4%26a%3D29432f3564089b7a90cba53693d3a59b1%26cb%3D0948231637997919649,https%3A%2F%2Frunwaff.com%2Fusersync%3Fi%3Drf07l732vciakgacx3n4%26a%3D29432f3564089b7a90cba53693d3a59b1%26cb%3D0948231637997919649,https%3A%2F%2Frunwaff.com%2Fusersync%3Fi%3Drf07l732vciakgacx3n4%26a%3D29432f3564089b7a90cba53693d3a59b1%26cb%3D0948231637997919649&
Requested by
Host: runwaff.com
URL: https://runwaff.com/usersync?i=rf07l732vciakgacx3n4&a=29432f3564089b7a90cba53693d3a59b1&cb=0948231637997919649
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 -, , ASN (),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
2ac11b5d-67a7-43a8-b8cf-ec2056a20357
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bg-arrow-970x90.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/ Frame 840B 		317 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/bg-arrow-970x90.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bfe648aacb5cdcf19d850f54c68d244c2fdd65e7ab0bd48f39048891e229807b
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
null
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
341140
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
229
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Tue, 23 Nov 2021 08:39:42 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 23 Nov 2022 08:39:42 GMT
bg-slide.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/ Frame 840B 		140 B
168 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/bg-slide.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eff8b6d9be1eee63c8359b5d773e949f3220f184685cb46d6595dd5c7caef95
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
null
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
245910
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Wed, 24 Nov 2021 11:06:52 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 11:06:52 GMT
express_html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame C27B 		106 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
Origin
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 08:13:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
83495
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37892
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:52 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 27 Nov 2021 08:13:47 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/ Frame C27B 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/elements/html/omrhp.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/867523/58678884/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohOR8F5K7gsfCEt2oal6h3CvxzoJ07WKCEd5bhFMd1iTbZpsAf8GmeoU8U1zr7_cY3vG6VTgDFSBB6udZad6ba76fFGtUzfdPBkR0wNEvkSAKAmf-D8RTfCHlJUkSV4brvElraw5_m-njw9UcmBZkW6vEvQSUz6Ta8OqEO-YYNIdfeRzsPx-i0A6BiitJBpwqFGDei_cn_OrjiLN4EIcAmtvv6t09w4HBGgB4opKRu3MhNC0DFuk07luKZrblUG_VE8NzDI8hSQmgnCH4Fjh2Yc9DKGIEP10Tqr44McGgMIYrVPAepcA24g7Ao8gLjwJbs5Rv5VK_Vw3dnvlnTSzuSvI8JWCVpb2ICJgmG2mKCeNm8H8hVN9GvfcC329lBB_tTGWNYFHd5_jkyIiKMRjm_cX2MM3XOdi5VUgpDRlz5DPpv8WKH3GlW5izjKck2gEn9bZbl80tAxutLxUxVd1NDg0FThLKVm4ZtWBUaS3LNbuBm33rfnHZwXfSLvto2dMzB54dgcA_AB-TEVoJhh6z4dp28PFo0OsNPK7dgt84R17TdfkyX8C2Cq3VmAKx90wWlcrQGMqNVkQSLhTJ6VOqyOMq0nJQXpaZ2cYOvp6iJraadLYaMe3fGToQrjHCGIglBhvy48fkIgZoSiSGgoKY52ekA8oBMbvdfogSO8GoGEju4wsBPHA20O6WXeYRAhbRY8YUn6vr9SmzZjckemkK-rRsk-gYS70QtrikU9VE3_BRMYEyB4krdkVpIjXmNkdupn03yC6eHJQjyzZvPigYZQasZT9LkfMGGWGXIky11oOXlMrHuqu7X2SJ2BNsEwYC3lH3oBiWpgvEoJAJr6wEyKeoHf7Sfa_00JKCMOFK7O-o5yAzy_JasLi8qIkQhLuN63aa5vs_ldIlALCES6AVIj7u-OcoUCB6nJ-mAq1HuLQCSVg9-PYwt6yibcTYl66J-YvdiMJLDrcQ4M9-Oj9WoCU48AaWxOdS3f0YNsMg-6Ryzh5Cf-u1SaOZQ8J1Z3EJGzjpUYvinxDMjjIRwvqGQF7DBjwN8iby6efcEouNksCH2oh5lD6DGEhTNj-LoUxxQA2QIyUcc6329LKhTE1BnVqc8d7ND3dt5PUAYXt3dJHcNGcZEWnz_f5RjN_EbvwC6HXSVRTFHzNMyAl3iDC6OaSmtnIml_yiADd81ul8kepxhG-yN-z1zUMlgonwDQnp_DHbWXMO0xEKMZ85ZnEX3MKvVbEK4ESoRDLSVnzFUZpsxO2vQHQOQ0W6J9vF_wxXAuooCdDXiXmIvVHLJukm9Uz6J2Q3V0ixXw2vMbxjKdJo1iuKpEx40keJynfIJ-ODFvpoUvXiLqLz2d1smxfQJ7SEFuLYWkkKkuzMoOXJbp6TZexzOUXL8mVx96hC72V0vpiJHY2AF3OkXoHXtDGgEgRUZC86aKTOeRwTteBODdCmty0Y1zZlZ-qyajWVGkvSl1wxMOdph6Gtytj1RK6qWEiFvw2b94R1I1e6G9ogelR4oQs4B4RMd324LHc1T_4iE-d_SgFPJv-6Bxd_OaAAb4czjPTPbrO4y7qZSEuq2WWSRf_smGRG6UmxhwRs4zAIpx7S7p2iVqfmhfCT_wXg_mZOn5PrEfaoGP0wqT0dJsh3deYt-xQlU1nu1Y0m8jpsDssvu9ezZVBmOtkvbAc-UcqW3GrtevhC1Q6ZlnXdsXRjI6ojbbc8FlqMtbUJyvDpBFxJjkHVm2r4eVEGV1Vv8UGEUPqHgdWU8oNcli_3isVxf5-jMh8pmgN9C1u5vbKOFhFxvvHZKi_XyStfg_xJL4gDktmr51fXHe1FSMne5EOrgAYS-lb7zSAZGW4vsnrE73Csb7RNGc4mAhXmjvVrCCCi0J7kLAuw2gPkCmJFJJ4xjaL9F_NuCWCrnu-3r4AkyZJqWHr5rZEOz4Ub1Sj6ccStkUBLZ3DMlgsB2mTFsN5ik_NYLfShYISFcFwtWUdJVEcylQWUw4IE_udWNEGDhsmvnu7ui2S0n9O1V9tY8lbhcqYHVkD39JXt3_GKZoFBCvKuLKmEkhZjLH5cpgQm5kNCyq14RnHEUxgWgZxUFkqPTFkYnZ3TkvzFTDjZkg4Bn4mPCUf8GD8dPsxytq7p_DcJX9v3O5TobpR6QXe2bc8h_jRgELraAPCtoNVxS8fGbtwhz9akgwvDMuNmMLhLo3bvWoCIV_4DT2yx4rGVsLmFQ3TtpbXAmChU57jZv5s4j45RxR4AAyeU8-RvxZH5BFkuU8xpsypX119cBYNSX_syRZlx-zzmhiVyUU0H-_uKvt-7XcHWZwtJHUaiWd6vME926k28eFDcnO1sOGaCiUdHjpzpueHcdz2zDf2X7-pZc-pgF5Fjt7q8xmdQ94ilewkBJGgf68gt866RP2ELau4LwjE-u9rDNSMlgymYkFY0amRyQamI2Y13DTT43HG8bedqVIS6TEVRM4HDQNWLxXHNCljiJ3IFRgZWbhqhO_BE66btBwtKOGIpMNPZaeomGgG_vCCD_lhj77ugMDEaKgSwZaNceY6uX5LwjXeAymyEioWSciHS-ilFkeXAVtejEgvbYW1Nar5cV8V1eGc-CG2zUePJtuQtK-NKoRfCYsCAxsq9gGylmzNIsjKjSidfzVAemfIuePIu86zoBZjJdhTBjx3TqT3eitYngVg2CNYCdC_acEim1izZmwOqYKKOjxVTFpVMBgIRrUrSAinji8f1H0rFrM4PcUgOfH2C1Wr3YdmaJzrzS4_oFMLZdzrrEfyg-juCMscxswYsD0iXCRaXRQAd4gN0zUSDhnSyEkOPtGS9n-qMungDkU2faTiKvqdW8IN_j8Ecs567bM8rAFxTgADLScUgb6koGkrMFU8Fw13rXRqAMAiQ3fhvh3GuQxvF1Xh4IKWp8ZgUfJKgCmUcuM3pdGqFfi_0jSp0eQLVSxqcB2WA4TPYuhFpK-abjJKUrWjkQkk9a-QwHxrPjlZZm953NMASeVJQmvekmiV7zBNFrqeo_CmBm_eRFcK3h6XAdsNgJbHSc-3WWA0Be6rL2M-JIOpaOcFuffP67UrNTjbxueYPkFrSY4Re_wjZd6o9QrGZsTwBvZkk6Y_du542jh2XV0wUULdidf8D9VkTlZTZyoiijk3AZ0_MzmdsAD18Hw2HCQjI-Is-qXvYtVNZ452HReRgRz48yEJ-N5ya27lnnMbCDjU9wrbVN-SvGfsdFAteJBF4dEkvHcoYJo5Lg9CACVot2IYExZSM34Ok2k00MhmkC3gKnsOkN0fsijr0yWpJtE5dCVzKtLrRjjAfqSWrnG41tDJEBOMyP2jBZ_x5J1-K8LbRoWCAASEuRoBNblnOiFnE199aJ4zOpeP2AB&adsafe_url=https%3A%2F%2Fbuhgalter911.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fbuhgalter911.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Ff494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D2&adsafe_type=bd&adsafe_jsinfo=,id:604a6246-d4f1-b993-9424-7a51c4659ca3,c:v9nzd3,sl:outOfView,em:true,fr:false,thd:1,mn:app07or,rg:or,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:3,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:24,oid:2dd44a6c-4f53-11ec-ae01-067641d02172,v:19.8.270,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:20:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
298
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3140
x-xss-protection
0
server
cafe
etag
17163059639670574047
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:20:24 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame C27B 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js
Requested by
Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/867523/58678884/xbbe/creative/adj?p=APEucNUyXxmKISOwi6s9idc0G0b08AVtFBQohbnwsqttzAijstozQxM&d=CnkAoCZ_4CV8GyNg8hhW1MGY778B4ej57s1LQVmSY-OpUhZvIcMMEoVtiv7kiohOR8F5K7gsfCEt2oal6h3CvxzoJ07WKCEd5bhFMd1iTbZpsAf8GmeoU8U1zr7_cY3vG6VTgDFSBB6udZad6ba76fFGtUzfdPBkR0wNEvkSAKAmf-D8RTfCHlJUkSV4brvElraw5_m-njw9UcmBZkW6vEvQSUz6Ta8OqEO-YYNIdfeRzsPx-i0A6BiitJBpwqFGDei_cn_OrjiLN4EIcAmtvv6t09w4HBGgB4opKRu3MhNC0DFuk07luKZrblUG_VE8NzDI8hSQmgnCH4Fjh2Yc9DKGIEP10Tqr44McGgMIYrVPAepcA24g7Ao8gLjwJbs5Rv5VK_Vw3dnvlnTSzuSvI8JWCVpb2ICJgmG2mKCeNm8H8hVN9GvfcC329lBB_tTGWNYFHd5_jkyIiKMRjm_cX2MM3XOdi5VUgpDRlz5DPpv8WKH3GlW5izjKck2gEn9bZbl80tAxutLxUxVd1NDg0FThLKVm4ZtWBUaS3LNbuBm33rfnHZwXfSLvto2dMzB54dgcA_AB-TEVoJhh6z4dp28PFo0OsNPK7dgt84R17TdfkyX8C2Cq3VmAKx90wWlcrQGMqNVkQSLhTJ6VOqyOMq0nJQXpaZ2cYOvp6iJraadLYaMe3fGToQrjHCGIglBhvy48fkIgZoSiSGgoKY52ekA8oBMbvdfogSO8GoGEju4wsBPHA20O6WXeYRAhbRY8YUn6vr9SmzZjckemkK-rRsk-gYS70QtrikU9VE3_BRMYEyB4krdkVpIjXmNkdupn03yC6eHJQjyzZvPigYZQasZT9LkfMGGWGXIky11oOXlMrHuqu7X2SJ2BNsEwYC3lH3oBiWpgvEoJAJr6wEyKeoHf7Sfa_00JKCMOFK7O-o5yAzy_JasLi8qIkQhLuN63aa5vs_ldIlALCES6AVIj7u-OcoUCB6nJ-mAq1HuLQCSVg9-PYwt6yibcTYl66J-YvdiMJLDrcQ4M9-Oj9WoCU48AaWxOdS3f0YNsMg-6Ryzh5Cf-u1SaOZQ8J1Z3EJGzjpUYvinxDMjjIRwvqGQF7DBjwN8iby6efcEouNksCH2oh5lD6DGEhTNj-LoUxxQA2QIyUcc6329LKhTE1BnVqc8d7ND3dt5PUAYXt3dJHcNGcZEWnz_f5RjN_EbvwC6HXSVRTFHzNMyAl3iDC6OaSmtnIml_yiADd81ul8kepxhG-yN-z1zUMlgonwDQnp_DHbWXMO0xEKMZ85ZnEX3MKvVbEK4ESoRDLSVnzFUZpsxO2vQHQOQ0W6J9vF_wxXAuooCdDXiXmIvVHLJukm9Uz6J2Q3V0ixXw2vMbxjKdJo1iuKpEx40keJynfIJ-ODFvpoUvXiLqLz2d1smxfQJ7SEFuLYWkkKkuzMoOXJbp6TZexzOUXL8mVx96hC72V0vpiJHY2AF3OkXoHXtDGgEgRUZC86aKTOeRwTteBODdCmty0Y1zZlZ-qyajWVGkvSl1wxMOdph6Gtytj1RK6qWEiFvw2b94R1I1e6G9ogelR4oQs4B4RMd324LHc1T_4iE-d_SgFPJv-6Bxd_OaAAb4czjPTPbrO4y7qZSEuq2WWSRf_smGRG6UmxhwRs4zAIpx7S7p2iVqfmhfCT_wXg_mZOn5PrEfaoGP0wqT0dJsh3deYt-xQlU1nu1Y0m8jpsDssvu9ezZVBmOtkvbAc-UcqW3GrtevhC1Q6ZlnXdsXRjI6ojbbc8FlqMtbUJyvDpBFxJjkHVm2r4eVEGV1Vv8UGEUPqHgdWU8oNcli_3isVxf5-jMh8pmgN9C1u5vbKOFhFxvvHZKi_XyStfg_xJL4gDktmr51fXHe1FSMne5EOrgAYS-lb7zSAZGW4vsnrE73Csb7RNGc4mAhXmjvVrCCCi0J7kLAuw2gPkCmJFJJ4xjaL9F_NuCWCrnu-3r4AkyZJqWHr5rZEOz4Ub1Sj6ccStkUBLZ3DMlgsB2mTFsN5ik_NYLfShYISFcFwtWUdJVEcylQWUw4IE_udWNEGDhsmvnu7ui2S0n9O1V9tY8lbhcqYHVkD39JXt3_GKZoFBCvKuLKmEkhZjLH5cpgQm5kNCyq14RnHEUxgWgZxUFkqPTFkYnZ3TkvzFTDjZkg4Bn4mPCUf8GD8dPsxytq7p_DcJX9v3O5TobpR6QXe2bc8h_jRgELraAPCtoNVxS8fGbtwhz9akgwvDMuNmMLhLo3bvWoCIV_4DT2yx4rGVsLmFQ3TtpbXAmChU57jZv5s4j45RxR4AAyeU8-RvxZH5BFkuU8xpsypX119cBYNSX_syRZlx-zzmhiVyUU0H-_uKvt-7XcHWZwtJHUaiWd6vME926k28eFDcnO1sOGaCiUdHjpzpueHcdz2zDf2X7-pZc-pgF5Fjt7q8xmdQ94ilewkBJGgf68gt866RP2ELau4LwjE-u9rDNSMlgymYkFY0amRyQamI2Y13DTT43HG8bedqVIS6TEVRM4HDQNWLxXHNCljiJ3IFRgZWbhqhO_BE66btBwtKOGIpMNPZaeomGgG_vCCD_lhj77ugMDEaKgSwZaNceY6uX5LwjXeAymyEioWSciHS-ilFkeXAVtejEgvbYW1Nar5cV8V1eGc-CG2zUePJtuQtK-NKoRfCYsCAxsq9gGylmzNIsjKjSidfzVAemfIuePIu86zoBZjJdhTBjx3TqT3eitYngVg2CNYCdC_acEim1izZmwOqYKKOjxVTFpVMBgIRrUrSAinji8f1H0rFrM4PcUgOfH2C1Wr3YdmaJzrzS4_oFMLZdzrrEfyg-juCMscxswYsD0iXCRaXRQAd4gN0zUSDhnSyEkOPtGS9n-qMungDkU2faTiKvqdW8IN_j8Ecs567bM8rAFxTgADLScUgb6koGkrMFU8Fw13rXRqAMAiQ3fhvh3GuQxvF1Xh4IKWp8ZgUfJKgCmUcuM3pdGqFfi_0jSp0eQLVSxqcB2WA4TPYuhFpK-abjJKUrWjkQkk9a-QwHxrPjlZZm953NMASeVJQmvekmiV7zBNFrqeo_CmBm_eRFcK3h6XAdsNgJbHSc-3WWA0Be6rL2M-JIOpaOcFuffP67UrNTjbxueYPkFrSY4Re_wjZd6o9QrGZsTwBvZkk6Y_du542jh2XV0wUULdidf8D9VkTlZTZyoiijk3AZ0_MzmdsAD18Hw2HCQjI-Is-qXvYtVNZ452HReRgRz48yEJ-N5ya27lnnMbCDjU9wrbVN-SvGfsdFAteJBF4dEkvHcoYJo5Lg9CACVot2IYExZSM34Ok2k00MhmkC3gKnsOkN0fsijr0yWpJtE5dCVzKtLrRjjAfqSWrnG41tDJEBOMyP2jBZ_x5J1-K8LbRoWCAASEuRoBNblnOiFnE199aJ4zOpeP2AB&adsafe_url=https%3A%2F%2Fbuhgalter911.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fbuhgalter911.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Ff494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Ff494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D2&adsafe_type=bd&adsafe_jsinfo=,id:604a6246-d4f1-b993-9424-7a51c4659ca3,c:v9nzd3,sl:outOfView,em:true,fr:false,thd:1,mn:app07or,rg:or,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:3,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:24,oid:2dd44a6c-4f53-11ec-ae01-067641d02172,v:19.8.270,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:24:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
57
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9475
x-xss-protection
0
server
cafe
etag
15988442915344899701
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:24:25 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 7A3F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=2746888322727205&bg=!7u2l7anNAAZQLpa_UC47ACkAdvg8Wma_eQfzQ7in4THIGHINHr_pMC7TCwOBaWNoLfjAc4uXJz-g2wIAAAJGUgAAARxoAQeZArBx-A_NAgbh4PpPwiackPEhK3E1Erl-eGeC6LvYwiALFBKXLkRDSIa6luHu2TvZlQzdYnm65usC3JcXVYvOah-jGyovFDLR-xQ9AtHhAQ0Z4HLuzejk8WrtEKcBEyT3bjonAhrCfgMjGyji_uFFlnc8_LkytZPXm4CVJKSF_gykh7JDPWFv2hQXJyBSTw2HqyJQlxFHGNu-t-K3yCum7M4QWkkAh2duLParke7FdBxA1Q036ic5cPoW_MujPwhLlJ-KcKyhd--EeudxgV4sK76wVCl4limI-UO77m2jsMAzOFJV7HpaysyXVa5TWJ-VKi-zkoMPsDwefh52u6rMtReRPwGOO9QbhMul8H64AqFW6pECB4KSDrE9m-kxOshmVoXvyfu6ISRlEUzfLJzhY_YbZio2xsxrwl4SllNTGJ4cu6T6mfXu8RRjmYZIeu2riS6UO5VE3tdc9CVrBDS20VNoXBJ6sCpYikmZgWQjUV2w2wuXMdH4HesvTY3aELcioAbL5O_bITzvVwzLefRu6DMwvXlKoUM3zMsCdpDdHSxydkImH7y_i25K5zL57Smawiqwws8pY8xxgZ-ROidtGqQNzdJFcAssCbg2ozzH45t5Ja9N-2iHHfAnE9nfG917lFLWRa6xadx6AXxNDmhLJxYgEaT5FOhJSfpcug-bITwNrAQ4jcaDOpajS6Awa38rhR_Wb6I1-2L2YgeAwfiFovtiKPrvTFCFJCLP3TtgxUaVunylNJ2sYMnlbIqLkLAQJl4QSQN4LJFQhI5BT0Dg6TeLzr0U-Vlq4wm_1Nfgq0_uSa3DyhLOhQZkty9RxeODSJeFS9LxMTDDmmhK3CqARZbrbQ6KGKsZAmexLWyEYbmW0AFBZCJ6PFyr1ett8U1ZB4aWf4kbZL45RYUZzltwOZgF
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://buhgalter911.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame AD80
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 27 Nov 2021 07:25:22 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 27 Nov 2021 07:25:22 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 27 Nov 2021 07:25:22 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
vevent
fra1-ib.adnxs.com/ Frame 0049 		0
823 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fbuhgalter911.com%2F&e=wqT_3QKMBvBMDAMAAAMA1gAFAQjhuoeNBhCH3v2iq_K_vxoYzMawrdKF7tBZKjYJsrtASYFF8T8Re6WH_I5c7T8ZAAAAIK5H8T8he6WH_I5c7T8psrsJJPS4AjEAAABA4XrEPzCI_rkIOKUVQOUeSGVQtaLLJVjSilZgAGjtyG94qY4FgAEBigEDVVNEkgEDRVVSmAHKB6ABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC6hDgArzVReoCGWh0dHBzOi8vYnVoZ2FsdGVyOTExLmNvbS-AAwCIAwGQAwCYAxegAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURieG9oSElydFIyQWcyZUVwT2xCUU9kYkYwVFcweWJwU25BM2s3X0VnTEZ3cm1VY19qWG9VV3RjTmZGaDR4T2ozM0xrazVFU1RVQTZ0MkJmWEZqMEIzVEFSUkh3JnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzE5MDkyNDQyOTc2MDgxMzAzMTEiCDc4ODI3ODI5KgQzOTQxOgEwwAOsAsgDANgDpZEw4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjEwOS4yMDEuMTQzLjYzqAQAsgQPCAAQARjKByBaKAAwADgCuAQAwATP4I4iyAQA2gQCCAHgBAHwBLWiyyWIBQGYBQCgBb3p3MHqvM-wMcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcriRvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxMTkzNDc2OTM2NzG6Bw8IABAAGAAgADAAONkVQADIB6mOBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH-rsjiggCEAA.&s=7a02ee170a1e705e568682b5cbfd7762b9c337a5&type=nv&nvt=5&jm=1003&px=0&py=0&bw=970&bh=90&sid=2539957561915955141&vd=ct~0|rr~0&sv=221&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=17727240&sw=1600&sh=1200&pw=970&ph=90&ww=970&wh=90&ft=3
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/221/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 -, , ASN (),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
667ec1ec-f3ab-49b0-aa8f-eaaa162a19c1
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pa_backupads_lib.js
projectagoralibs.com/libs/ Frame EB84 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://projectagoralibs.com/libs/pa_backupads_lib.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:d405 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
6955
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
A9XFDQZ2GN2GNC7J
x-amz-id-2
6jcIV+hxJoVCclc60WoYMrWHv6DeHWIYj7/1Flj+kmbFgaSI+Rv4Ql1tT4UpkqwkiLEPCLaLj8I=
last-modified
Tue, 20 Jul 2021 08:31:03 GMT
server
cloudflare
etag
W/"2d16b383f5bd347613b311222e31c59d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r6%2FLn0jezkexHLcLE0EHHfFrfVVmrrYtY7jG4cVANyAx2baP%2BQwwDZe8iscBk6PjTPq6JqSXyxbsBTJjJBD113BIFiDH0qzYCu3kR1k1nNIRTatMp%2FHIRmb2%2Fu8dZQwCIVcZkLQd2IsqKzfixBxAj86Ubg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
6b499f468f931f15-FRA
p.js
runwaff.com/ Frame EB84 		143 B
385 B 		Script
General
Check archive.org
Download Go to
Full URL
https://runwaff.com/p.js?i=hkdozpfo2m3gav1931
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/adtag325/latest/pav2_3.25.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-95.fra50.r.cloudfront.net
Software
/
Resource Hash
7ecfde1cc5c8c002812f5cd0febbd26a037618d51d9db24b6fd0870e21fc0a0a

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/syncro?i=rf07l732vciakgacx3n4&a=45f743aa437f6100320c20fa469f3dc93&cb=6458491637997919633
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
via
1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
content-length
143
x-amz-cf-id
UV9dRJxYWbIPNZNRpxzNdF5Mgr_Mda8QXtQv3sEJSeLeiJ2e3ZVcaA==
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
/
projectagora-483829-hdb.adomik.com/ Frame 6F82 		0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://projectagora-483829-hdb.adomik.com/?q=eyJ1aWQiOiJwcm9qZWN0YWdvcmEtNDgzODI5IiwiYWhiYWlkIjoiMGE1MjFjN2YtMzJkMi00MjkxLTg5M2QtMTViNmVmNGRiNjRkIiwiaG9zdG5hbWUiOiJydW53YWZmLmNvbSIsImV2ZW50c0J5UGxhY2VtZW50Q29kZSI6W3sic2l6ZXMiOltdLCJldmVudHMiOnsicmVxdWVzdHMiOlt7ImJpZGRlciI6IlBVQk1BVElDIn0seyJiaWRkZXIiOiJQVUJNQVRJQyJ9LHsiYmlkZGVyIjoiQURGT1JNIn0seyJiaWRkZXIiOiJSVUJJQ09OIn0seyJiaWRkZXIiOiJTTUFSVEFEU0VSVkVSIn0seyJiaWRkZXIiOiJDUklURU8ifSx7ImJpZGRlciI6IkFQUE5FWFVTIn1dLCJyZXNwb25zZXMiOltdLCJ3aW5uZXJzIjpbXX19LHsicGxhY2VtZW50Q29kZSI6IjE3NzI3MjQwX2J1aGdhbHRlcjkxMS5jb21fcm9zXzk3MHg5MCIsInNpemVzIjpbeyJ3aWR0aCI6MCwiaGVpZ2h0IjowfV0sImV2ZW50cyI6eyJyZXF1ZXN0cyI6W10sInJlc3BvbnNlcyI6W3siYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzOTE2MjQwYzQ4YmE5YSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjozMTUsImFmdGVyVGltZW91dCI6ZmFsc2V9LHsiYmlkZGVyIjoiU01BUlRBRFNFUlZFUiIsInBsYWNlbWVudENvZGUiOiIxNzcyNzI0MF9idWhnYWx0ZXI5MTEuY29tX3Jvc185NzB4OTAiLCJpZCI6IjEzOTE2MjQwYzQ4YmE5YSIsInN0YXR1cyI6IlZBTElEIiwiY3BtIjowLCJzaXplIjp7IndpZHRoIjowLCJoZWlnaHQiOjB9LCJ0aW1lVG9SZXNwb25kIjozMTUsImFmdGVyVGltZW91dCI6ZmFsc2V9XSwid2lubmVycyI6W119fV19&id=0a521c7f-32d2-4291-893d-15b6ef4db64d&part=0&on=0
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.128.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-128-217.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Date
Sat, 27 Nov 2021 07:25:22 GMT
Server
nginx
adfetch
googleads.g.doubleclick.net/pagead/ Frame 3AA2 		101 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adfetch
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
642d525b2b065ebca4319c7cdc79ca9d896783c399bea4b60b2485290edc9851
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COLxtuKBuPQCFcag3godMZEKTw&gqi=Yt2hYaKYFKCdx_AP8byhuAE&layout=/sadbundle/%24csp%253Der3%24/9446523524146044702/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COLxtuKBuPQCFcag3godMZEKTw&gqi=Yt2hYaKYFKCdx_AP8byhuAE&layout=/sadbundle/%24csp%253Der3%24/9446523524146044702/index.html
content-encoding
br
x-content-type-options
nosniff
server
cafe
date
Sat, 27 Nov 2021 07:25:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37854
x-xss-protection
0
vevent
fra1-ib.adnxs.com/ Frame 1395 		0
823 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fbuhgalter911.com%2F&e=wqT_3QKMBvBMDAMAAAMA1gAFAQjhuoeNBhDg_faYs9mY9z8YzMawrdKF7tBZKjYJPL8oQX-h6T8RWm8vxEXJ5T8ZAAAAIK5H8T8hWm8vxEXJ5T8pPL8JJPS4AjEAAABA4XrEPzCI_rkIOKUVQOUeSGVQtaLLJVjSilZgAGjtyG9479YFgAEBigEDVVNEkgEDRVVSmAHKB6ABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC6hDgArzVReoCGWh0dHBzOi8vYnVoZ2FsdGVyOTExLmNvbS-AAwCIAwGQAwCYAxegAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURWdGFHeWpsZURmVXN3bnRYdUhLcHpCYTVJRUcwX09ZbV93Ty1JdFBlWmUwTWp5cVBHd3l1NkxILXVxdWRQdTdBN0UyUVBTVWpZUzliaXVFRG96UU5TekpmNkpRJnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzQ2MDY3MjgwOTM3MjIwNjY2NTYiCDc4ODI3ODI5KgQzOTQxOgEwwAOsAsgDANgDpZEw4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjEwOS4yMDEuMTQzLjYzqAQAsgQPCAAQARjKByBaKAAwADgCuAQAwATP4I4iyAQA2gQCCAHgBAHwBLWiyyWIBQGYBQCgBZiEg6f9quKRc8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcriRvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxMTkzNDc2OTM2NzG6Bw8IABAAGAAgADAAONkVQADIB-_WBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH-rsjiggCEAA.&s=1b0259e7a839b63cd64083167a9111da6ec16ab9&type=nv&nvt=5&jm=1003&px=0&py=0&bw=970&bh=90&sid=2539957561915955141&vd=ct~0|rr~0&sv=221&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=17727240&sw=1600&sh=1200&pw=980&ph=90&ww=970&wh=90&ft=3
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/221/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 -, , ASN (),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
7eee941c-1151-480b-95cc-631ec32424fa
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 43E3 		1 KB
749 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Sat, 27 Nov 2021 05:53:44 GMT
expires
Sun, 28 Nov 2021 05:53:44 GMT
content-type
text/html; charset=UTF-8
etag
48472445140208031
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
age
5498
cache-control
public, max-age=86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame C27B 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b10f455f1ed931df225b2009c060fe100856445e369e730cbb650f830abec7a2

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
Pronamel_ION_NL_728x90.html
s0.2mdn.net/sadbundle/3721678403370467213/ Frame BCBE 		6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
3b08925331198abf43250c5552c0daa9ca23853539b338341087eea3671189cc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
content-length
2411
date
Mon, 22 Nov 2021 12:54:36 GMT
expires
Tue, 22 Nov 2022 12:54:36 GMT
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
412246
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame C27B 		0
515 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstTW4K5sYjpWAVUapPS3ghUACD1_9eCE8iJFkLWAhG90uGDwHbhlc_PyZsF5IhgeXiR6KZzXO4ZzMTt8ShsQKsUN7Gs-YiReiAnCA88NVgf1y8sHlgvcookbsQOCG12BqtLLQx4NJ6Dq_DsKqpiCSFOtw&sai=AMfl-YT4R5pSSpdthUQRkv3H_KV2UeF0iPbyrvQRQW6kvaEwxy7OxO705LRmLgqU2AzQ6qwFxeVf5xCz2nD6AtEQPw7lPBBiKALaJ18&sig=Cg0ArKJSzN4SbWP3MURIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=162&cbvp=1&cstd=160&cisv=r20211111.66709&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.98 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:22 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
async_usersync
ib.adnxs.com/ Frame C152 		0
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=2725&pub_id=1119064&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=1119064
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
deb1cbbc-9bdf-42a8-9c5d-6ec69a2c776d
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
pagead2.googlesyndication.com/bg/ Frame 840B 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 02:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
17461
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13371
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 27 Nov 2022 02:34:21 GMT
logo.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/ Frame 840B 		6 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/logo.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
706431832da1dc887051740282b400cc52c6cbf1b0d2a4ea47b9f3eaee2bb4fb
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
83994
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2383
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Fri, 26 Nov 2021 08:05:28 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sat, 26 Nov 2022 08:05:28 GMT
text-1-horizontal.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/ Frame 840B 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/text-1-horizontal.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f407afb6e31e94afa02ee6432e02129cf43f15c7955e9f53c645c5d844d5019
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
263009
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1515
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Wed, 24 Nov 2021 06:21:53 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 06:21:53 GMT
button.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/ Frame 840B 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/button.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b293da293e978e3003163a6591f1c97201ef6b6bb5906b9cf06f1230b6b526dd
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
341140
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1305
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Tue, 23 Nov 2021 08:39:42 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 23 Nov 2022 08:39:42 GMT
text-2-square.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/ Frame 840B 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/text-2-square.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0ec1afe33642581fe576eca90626e9785ec77e73f7b2408f3b9c64f5c8d88f8c
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
341140
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
991
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Tue, 23 Nov 2021 08:39:42 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 23 Nov 2022 08:39:42 GMT
bg-image.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/ Frame 840B 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/50141695197413260/bg-image.jpg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/adfetch?adk=2930922563&adsafe=medium&client=ca-pub-5722610347565274&format=728x90_as&ip=109.201.143.0&output=html&unviewed_position_start=1&url=https://buhgalter911.com/&sub_client=bidder-436285&hl=nl&aceid=MF8TtABZGLQAvxm0AAkbtAD5VTQBF280AcJvNAHMbzQBBXA0AR5wNAEtcDQBL3A0ATRwNAFHcDQBXnA0AWxwNAFtcDQBgXA0AYpwNAGScDQBm3A0AapwNAGucDQBsXA0AbdwNAG4cDQB0XA0AdJwNAHccDQB3XA0AeRwNAHpcDQB9XA0AfZwNAG3bEEBS3NBAVNzQQEBeUEBXxxcAh4dXAJn-YgCtj6qAidCqgIoQqoCK0KqArZCqgIWXKoC0WGqArdlqgIjbKoC_XiqAn57qgJalKoCs5SqAjaZqgKAm6oCgZuqAoKbqgLanqoCep-qAmGhqgLro6oCpaeqAqKoqgIrrKoCG66qAh2uqgIprqoCBa-qApWvqgJ3sKoCerCqAn-wqgKJsKoCuLCqAkizqgInuKoCGLmqAhW6qgJFxKoCbMSqAhzGqgI5yKoCM8qqAjTLqgLWzKoCvc2qAi7OqgK7zqoCAtGqAmbRqgJP06oCTNWqAk3VqgLK1aoCStaqAk7XqgLi16oCHNiqAlXYqgKE2KoCp9mqAtraqgL62qoC_9uqAmDcqgJq3qoCzt6qAtjeqgI74aoCb-GqAvfhqgKO4qoC1uKqAmPjqgKb5KoCo-SqAs_kqgIr5aoCoOWqAirmqgK15qoCd-iqAonoqgKg6aoCuemqAsnpqgL86aoCYeqqAjbTgwgD558LhdxRDcLYoQ6PoTURzqE1EdKr-xKQsPsS1Ln7EgbJ-xK51fsSu9z7EjPk-xJF5_sSCej7Enrr-xIg7PsSS-37EtDt-xJ27vsS2e77EmHv-xKWZmQT6VvQE8Rc0BOv9QMV91ZrGlkAkil_y7Uu6bW9aWOxG3g&awbid_c=AKAmf-DuckIx5rD_HDn3JFYpzhjptRpCcJAJe7--2Ta3h6Jxdv2D4zl0EL-NJjSQ-XZVdoBeWZOaKHJXVncoioYW2pd3dZEpyBTLCzHaQ23o04tObF3uHSJSbn_Ox9ciT2etDBEoWKzXjtiCDdxkWPM_e7OC7nuHtw&awbid_d=AKAmf-AZFojBbumS4AVeG5Wx10msK-Tdg9znUbkQSmG7KUZAZm0KxhFVXygC2jBsbsh3RqreuZ8l4_kAhNZM9She5U9qzSVKw--8DvN0F6M3wSF7b2ALWnF9stbTrGZEb9KJn4gTludojGEdpGM9W52tgwN1-6NTuUkFrUxkNyl3PIAJ7kJc_vrxgThcYyqjaoF2a42cYuvKp3m882LoyINlIxBoRIX-hhL0aqHFMs9l9-2SUPcyKcPBRlFQHRCT_sLJbBPVWIR6_uw3I5rhh6dG136W-8NY0RCayMEhyDrowDi5BzG1LCHpsqttdu300TWzaOKo393CDku-kAKsR1Fptx-TOOCrexSgoRm-LUxvGQiETiVYgGQaiJXxSh7PglE245YdiAJEQK5eepTQUPLev7S86HS89c7G6w72X3qtL3Id8yC3r3sd6lhhP-idkd9KksXKsDkck9ZBmNDseeg8ZNROjIiKCYwvwIZ5QtjY__r79MXMdVc2HZeYAL5d25jovgaMvpcAwkh--f_A6llwKTktFVN9ZRNDGLH5xt1_5PpBT0m7ObvaOw-BfEuaR_9Lml76LOKmKHCNR1JvhcxQAQCkw2eNG9rLYPj8IcC2yhUAtyVElDhbaLYm132DucjkdHh4xRvtJMOX3bImeDMDW_vAOxO1Dee_tHUqQ12ZJ9fCDtAa22Y&cid=CAASBORoTqk&exk=896681683&rfl=https%3A%2F%2Fbuhgalter911.com%2F&a_pr=13:YaHdYAAAAABSJ71Od9sZgPsMFRecWV3yWu2M7Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63c1a989826d295b0f82eb942dbea2e7a6440ea643782689d3d53ca05abfdfc8
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
586542
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56268
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Sat, 20 Nov 2021 12:29:40 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Nov 2022 12:29:40 GMT
async_usersync
ib.adnxs.com/ Frame A153 		0
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=2725&pub_id=1119064&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=1119064
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
30152c54-f471-4dec-8ff7-5a30cd0ef74a
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
adfetch
googleads.g.doubleclick.net/pagead/ Frame EF25 		101 KB
37 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/adfetch
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
abdaede377af65cf46344efff9106f62e6560a00d364f731f070fa7dcd3608f0
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIG8veKBuPQCFcJx4AodMz0GAw&gqi=Yt2hYcPkGoSCgQe5i73gAQ&layout=/sadbundle/%24csp%253Der3%24/9446523524146044702/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

timing-allow-origin
*
content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CIG8veKBuPQCFcJx4AodMz0GAw&gqi=Yt2hYcPkGoSCgQe5i73gAQ&layout=/sadbundle/%24csp%253Der3%24/9446523524146044702/index.html
content-encoding
br
x-content-type-options
nosniff
server
cafe
date
Sat, 27 Nov 2021 07:25:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37800
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame DE4F 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BkyHCYN2hYcvNK9Hs3wPFp7KYBwAAAAA4AeAEAg&bg=!-fql-r7NAAZQLpa_UC47ACkAdvg8WkJkAz-vTc66utKyveMkgBNtwdKZc5L-VzpDDZhzwoiZkcd3vQIAAAKXUgAAAERoAQeZA0nz2cdzz26HZYDxk3kR-nRpFwLH0azwzxpEHp6HL5TxaUHXHTcHEFTgd9Wk5oKovlJsrLa9onLMlht9jpnpLuhhNmT5g7CEv4qZPJUGPjokBTOPEDMq4GQHsmO8iI1EloH0exp0GzbC3MQ4xy7IqbwPWURPvO7W80CsFfVO4KYeh6Lh--XFMr--JKXD72TLG1l4ZF4br0jGjv_MuqjaSYlIirUs4y6y5CFNRp7-Uc1p6vyDyY28qs_ofMu-XGychvzxfuWkLFAIhJu5JKd2zVzObSLFQfqw0TpoiqUMkhavTWDpZ0yNR-LGQ6IC1JJLjjIrX8OwQdmsJsQeAilI6pLWVYZxJKa_nSZl_pdcgoM3jfkCYVvosYrf-9ek8X4xbhhAEejSSc_dGJ8S_KffDIZj4kLQlc15StIcwq4fdNHFemfAILCd3BJc25ap4GPemKlrUHXvcnUPJ88j9C9m1IwlAQdDM-rb4uloH6TSyG3Ds3pQ1igoPzGYeEjfiDY9UTsOHQg9il30mwn0q45B3fdeERoN07RIsoSifi4weONqmxkZJ0N6XTqk0FTxJBcXcPc7sIZmxW4J1-XD5ougz-lZTa-3RMNfGLD2nxXoqrguSu8T8F0RJXVKZDlCRVaERDtYskAcyMQGIN21aZViuLpOqsW74Zs1PrUyarP4nVw6UUkSyXxi_uOp7Hf8AFq12c_r7SgCL7YMcVxqzCLtmW-TA7ozA0BjBhr5KU2BpwU9eJ0edQ2isVMuWfRGvCXX4rBeVDE8Pfdleyee3GMMMKg0H0apuIw_NfHALivX-Cg194gLktu4HUg-M_rmOLHJ27jQ8oUSBEk--HZWEqYOW6p0AlYRiJ5LDTn26B33IKqVH1Xg0ERojX34AIfUVCSwQL5FFlkSlQo9lxlVztUNQJ4rYGpMjiuGZcKus0lf85WiXK07URhk-EdWrglcYE4I9ILUwP1V-kI8DQqxFbULD2yVkxkqcY16MzcElz_oxRGU9qISd3f-hd1JdfsglS4spyYkjmq-YznJmnzxKJatzGx3mkyX3AQrf1KP5zOA8uGS1B6xp5uxua_A5kF0Ou1I8rJwjT9TqmZUzipeI_j9o6-PNxnpEXiOLs1Q
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dt
dt.adsafeprotected.com/ Frame C27B 		43 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=867523&asId=604a6246-d4f1-b993-9424-7a51c4659ca3&tv=%7Bc:v9nzpi,pingTime:-10,time:782,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuNDUgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1637997922468%7C%7C033cfc9aa92940a8e504ffc9db48da27%7C%7Cb4088f046bf9a570f2964ffc86d258ff%7C%7C07cef9cce55361a990938d2505f8033c%7C%7Cde27d3ba9f169256312b2785620bb2ce%7C%7C59060a2af79217d8dbef8fbec3ed2e4c%7C%7C1b1e90860ad9b52321421753190fdde0%7C%7C071fb00ef85787bd747a443acd6453e5%7C%7C1629390669%7D
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.36.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Server-Name
dt40.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame 89C3 		80 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88c93c0c08742c1c370ffea548c761c0ea1fe1a4bb8ddabb3be155ee8fe7d1c4
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Thu, 25 Nov 2021 08:26:05 GMT
expires
Fri, 25 Nov 2022 08:26:05 GMT
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
19662
age
169157
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
abg_lite.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame 3AA2 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:12:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
787
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9475
x-xss-protection
0
server
cafe
etag
15988442915344899701
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:12:15 GMT
window_focus.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3AA2 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e371c9ea0fd636a3ecd29ae5e8413d144d470f77ca4bdda94b6e61ec3b980eb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:12:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
792
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1345
x-xss-protection
0
server
cafe
etag
11377196957905752455
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:12:10 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 3AA2 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:25:22 GMT
qs_click_protection.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame 3AA2 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d165fe5be8abd1e2e92a5f471ba17c9d6721a7ef6ed77b0388763308701926e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:16:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
504
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7279
x-xss-protection
0
server
cafe
etag
7604824147042859696
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:16:58 GMT
l
www.google.com/ads/measurement/ Frame 3AA2 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRDZIkuHhJdbV4tUi_FU4Pyi_L8Rq1xTHdIhzuGBDq5V9DUAXsnWHDLX2QrmXgkirIXCDaMsDrqJRUXcOeGa_8jgHxGFg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
adview
googleads.g.doubleclick.net/pagead/ Frame 3AA2 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=Cn5QdYd2hYbTXKJLI1wa_y73QCL_0tJZlxsOa-NkNkPqJ50cQASDml9YlYJEEoAGmuJPrAsgBCakCf0-26Wnwsj6oAwHIA0iqBN4BT9AmfdPKiUNgNWRLs8QnZ-Pz3G0QYE2PLtZKX_lJ0DDszuPWGygCCWKehNr7hy1OFKfU7G04sty336uyfoQDSQfrvY_n5-7cnheCfChT-8HdSzuB677cn9TQgrB7jpZRnBbJcr1Pj5y65FPvwuFeVrk47ga3yJxXHhG1zqXZxorTy8sfdN_n9Pf6FyQZGXmZSoFW6XjcW7vOBTxSqOH2Nrul6pr1d_6hcTZ5cmongAyvCqbWIXZp5niEkVkuT7a9c_LlcMuYw8UwgdmJK_lbJYyqSzKZzNVwqzuDtIQnwATnkLXNvAOSBQQIBBgBkgUECAUYBKAGLoAHwsfslAGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHANIIBwiAYRABGADyCA5iaWRkZXItNDYwNTMyN4AKBMgLAdgTDYgUAtAVAYAXAbIXCAoGCAASABgA&sigh=vvJsCcdAqSQ&uach_m=[UACH]&pr=10:1.079469&template_id=419&vis=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 27 Nov 2021 07:25:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
createjs-2015.11.26.min.js
code.createjs.com/ Frame BCBE 		186 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.createjs.com/createjs-2015.11.26.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00::210:ba1a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
server
Apache
cache-control
max-age=900
vary
Accept-Encoding
content-type
text/javascript
x-n
S
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:40:22 GMT
Pronamel_ION_NL_728x90.js
s0.2mdn.net/sadbundle/3721678403370467213/ Frame BCBE 		75 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
dc9244a2ddaab9795c465eb3ee97484d2d0c2b6eed0e0a6b45ba132660ccc76c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
412246
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21870
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:36 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5241 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021111601&jk=3341503723144202&bg=!urmluf3NAAZQLpa_UC47ACkAdvg8WhJbQN2wHAux4dL1mNUlOQ-KXQtAoOT99uEQn5mSW034OEJymQIAAAJHUgAAAE1oAQcKAKhzRESMPKk2rccapWHcBd6b4k5mp1_GUk-TwfVPdR-PlUMFFKPmZk4_7MMGdR9mbfoc151d9lTjpogANoGGJnpO8SQCspd-TUSTaCNDj0xCCRynionOmOaJe9uHcxcxOwVWNHqsJhn9OSaPkzL6ZM_riQH3lqPSOjM-aMN5fQlmwq0FCekHh-ngaHUSht98GESBMArzBIqsBsa6AI3r6b0Iy-itcXYQFS6ZApWY2iP-fmBds3owD-7DNQsGhaRV9_nz4ktbkJg5vfIUN87KD3RiWR1dWvvu8oEWgyjIFkx_a8mSk2ZXGAcXA9F19RkCt3yZ8r1eIngiWtlcObXq6ITr4WHq6G9mlPDM-6pvQvFTbYPltf74j3oEpdpom1h99f6q84kkWGhr0V-KCdal0M50F-pfb8VqDQNNw1-7YdltoGqbVuOnGi1oAuUHX_3i4H3ao80FnBVx3WYlVm3BSb2FuRsvUxCQfJdsjnZxjzWBpPcyB8A3TPxksV2UjRlDKvW334jqNuWjXVtUU41fayCPVCfl1DS_YyZOVwPF5v7WHhcMgO6ArI70bUcAuhKdFUF3XsOI1mTfOCL-7iBGgnv5xYC3_cYqhQO25xdnTkum4AUv9Bb50rVnmQu1jtpNl1eNS-C8y34UmoDSsHgHiBuQKatH_Serzk2r7SRGpAlTBBOdsE4HTe99lKukuEMx7B-tY7tkMMR3Oh-2cXggoPxlt69u4LL7JCkcgBwEY-TAUiMBwNxX44kL07xelQb2E5O1NFhZN4QaiRD6PFmsa3DmVunBDyjNprk9Wn67KXR-4vHCOENk72--CeXRjpyPMa87p1xVqq8v8z-p8keXXIErCWV967EAsTaw8PS0QODFgt9EKAW-Q7wzLMQXJmBL9lWJG5IjYJv8NWAMf_XCLePXnoYNIWjBmowdRxCuaC0GcTe3JKYJv-vcxJTHhb2QupHnR8f0eiwy88R-xuFcTlbhC_NrxPntPAoaLFUDl11zEmtwRxZDuP2tD1LSSda0dDycULGIve1DEQ1hILtDVGelhZw9pBD8SVzFPslnBtKosCLr5I5sh1tKSUgA8ffX9U_jW5mS1dSBaqVPoHpcQUhR
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 43E3
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEHudH0mCeGwSw1-WHRTkkVE&google_cver=1&google_push=AYg5qPJeNq-Aep0pZmazATsRqUqPc1AMVLKIQpjLZwpnVaSdgi7pr46r_rmbWK5hS1OFb2sD6lcKFj7pmLyJN63o...
  • https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=nxphod1gSACg6OupJK9Dlg&google_push=AYg5qPJeNq-Aep0pZmazATsRqUqPc1AMVLKIQpjLZwpnVaSdgi7pr46r_rmbWK5hS1OFb2sD6lcKFj7pmLyJN63oqfLM4xSEGeE
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=nxphod1gSACg6OupJK9Dlg&google_push=AYg5qPJeNq-Aep0pZmazATsRqUqPc1AMVLKIQpjLZwpnVaSdgi7pr46r_rmbWK5hS1OFb2sD6lcKFj7pmLyJN63oqfLM4xSEGeE
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Sat, 27 Nov 2021 07:25:22 GMT
Server
MT3 4133 baa842e master zrh-pixel-x13 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=nxphod1gSACg6OupJK9Dlg&google_push=AYg5qPJeNq-Aep0pZmazATsRqUqPc1AMVLKIQpjLZwpnVaSdgi7pr46r_rmbWK5hS1OFb2sD6lcKFj7pmLyJN63oqfLM4xSEGeE
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Sat, 27 Nov 2021 07:25:21 GMT
pixel
cm.g.doubleclick.net/ Frame 43E3
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWFIZFlBQUhuSFlTV1FBeg==&google_gid=CAESEPJoHcPs3UDyg0eghb2aV5w&google_cver=1&google_push=AYg5qPImseaEqhjk3nL7g-7R5cT1Mukgnx...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWFIZFlBQUhuSFlTV1FBeg==&google_gid=CAESEPJoHcPs3UDyg0eghb2aV5w&google_cver=1&google_push=AYg5qPImseaEqhjk3nL7g-7R5cT1MukgnxJDBoiIXDHiEQKRaGc-xAFBp64dXkR7DIgv8J0z8D3Hc9T3wPrQTxvtQiOTDYmz9bo
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
via
1.1 varnish
server
Varnish
x-timer
S1637997923.577577,VS0,VE0
x-served-by
cache-ams21043-AMS
x-cache
HIT
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWFIZFlBQUhuSFlTV1FBeg==&google_gid=CAESEPJoHcPs3UDyg0eghb2aV5w&google_cver=1&google_push=AYg5qPImseaEqhjk3nL7g-7R5cT1MukgnxJDBoiIXDHiEQKRaGc-xAFBp64dXkR7DIgv8J0z8D3Hc9T3wPrQTxvtQiOTDYmz9bo
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 43E3 		0
141 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEMc_RRHfzpg81RTYtTYQrXk&google_cver=1&google_push=AYg5qPIhRD0aEWwTIfQoKmjsTyrbrcUDt2o8WPz0TAhTW-S25rcGVfS1ft4ThweOFqTRrzH6Zs9XGqfDTMONCPGTFheUnMewzRY
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.105.8 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
via
1.1 google
alt-svc
clear
pixel
cm.g.doubleclick.net/ Frame 43E3
Redirect Chain
  • https://ads.travelaudience.com/google_pixel?google_gid=CAESEIbjEl7jTDBNJrHhAR8z-P0&google_cver=1&google_push=AYg5qPK_ehlPhGxjcQG1LExZ8stC2Vw2kFtH0OyHfUBfqDPUEfw5Lv6bUpjA76euBZ6JmQE4t-f1zAr0yWv-J1Uj...
  • https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Xmp37L_HQxCeAQkg9ElGcg2&google_push=AYg5qPK_ehlPhGxjcQG1LExZ8stC2Vw2kFtH0OyHfUBfqDPUEfw5Lv6bUpjA76euBZ6JmQE4t-f1zAr0yWv-J1Ujx2H1UCPjwlc
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Xmp37L_HQxCeAQkg9ElGcg2&google_push=AYg5qPK_ehlPhGxjcQG1LExZ8stC2Vw2kFtH0OyHfUBfqDPUEfw5Lv6bUpjA76euBZ6JmQE4t-f1zAr0yWv-J1Ujx2H1UCPjwlc
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 27 Nov 2021 07:25:22 GMT
via
1.1 google
x-engine-version
0.0.0
server
nginx/1.15.12
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Xmp37L_HQxCeAQkg9ElGcg2&google_push=AYg5qPK_ehlPhGxjcQG1LExZ8stC2Vw2kFtH0OyHfUBfqDPUEfw5Lv6bUpjA76euBZ6JmQE4t-f1zAr0yWv-J1Ujx2H1UCPjwlc
x-host
tde-deliveryengine-production-d7b5884bf-phm6b
alt-svc
clear
content-length
0
pixel
cm.g.doubleclick.net/ Frame 43E3
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEBaXnaX2x_EKslXoyjkVdYo&google_cver=1&google_push=AYg5qPLFgM07HF5gzrCh4FLrJaLqWbHWEHRmqVTtFdFqUI8gdSPN9SFq8wKAw1AmEkvOD_UHGfhu2bpksmVKLUL5-47PE4IO2g
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLFgM07HF5gzrCh4FLrJaLqWbHWEHRmqVTtFdFqUI8gdSPN9SFq8wKAw1AmEkvOD_UHGfhu2bpksmVKLUL5-47PE4IO2g&google_hm=NTYwNjY3MjM4Njk0OTYwNDI3...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLFgM07HF5gzrCh4FLrJaLqWbHWEHRmqVTtFdFqUI8gdSPN9SFq8wKAw1AmEkvOD_UHGfhu2bpksmVKLUL5-47PE4IO2g&google_hm=NTYwNjY3MjM4Njk0OTYwNDI3OQ%3D%3D
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 27 Nov 2021 07:25:22 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPLFgM07HF5gzrCh4FLrJaLqWbHWEHRmqVTtFdFqUI8gdSPN9SFq8wKAw1AmEkvOD_UHGfhu2bpksmVKLUL5-47PE4IO2g&google_hm=NTYwNjY3MjM4Njk0OTYwNDI3OQ%3D%3D
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
pixel
cm.g.doubleclick.net/ Frame 43E3
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJ0Wre4T05q6Ds6JXE53BrA&google_cver=1&google_push=AYg5qPIVkuZGbg3-Q2iW8xbRUawmNTIu9_vrxcGXjHZSU4lDJ5Qa-no1XGPy8ikBwKnAT5HcE90HuvLz...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI0NzI5MTU3MTY5MzU5MjA0&google_push=AYg5qPIVkuZGbg3-Q2iW8xbRUawmNTIu9_vrxcGXjHZSU4lDJ5Qa-no1XGPy8ikBwKnAT5HcE90HuvLz...
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI0NzI5MTU3MTY5MzU5MjA0&google_push=AYg5qPIVkuZGbg3-Q2iW8xbRUawmNTIu9_vrxcGXjHZSU4lDJ5Qa-no1XGPy8ikBwKnAT5HcE90HuvLzM-nxUjm2op4aZWxvMEU
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjI0NzI5MTU3MTY5MzU5MjA0&google_push=AYg5qPIVkuZGbg3-Q2iW8xbRUawmNTIu9_vrxcGXjHZSU4lDJ5Qa-no1XGPy8ikBwKnAT5HcE90HuvLzM-nxUjm2op4aZWxvMEU
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame 43E3
Redirect Chain
  • https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEBKgftdcC_Ag3bXu2gVM0D8&google_cver=1&google_push=AYg5qPL8MFS_wJm6-GV-L-5BBEJvvvWLqoX0Wo_5gmRCc7w964pajVNulMn3pzcmvIU65YnjC7UvQw4ReXBpvZnT...
  • https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPL8MFS_wJm6-GV-L-5BBEJvvvWLqoX0Wo_5gmRCc7w964pajVNulMn3pzcmvIU65YnjC7UvQw4ReXBpvZnTZp4iVkYSGdg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPL8MFS_wJm6-GV-L-5BBEJvvvWLqoX0Wo_5gmRCc7w964pajVNulMn3pzcmvIU65YnjC7UvQw4ReXBpvZnTZp4iVkYSGdg
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:22 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sat, 27 Nov 2021 07:25:22 GMT
via
1.1 632ee301c4920b52f2463aa9e978c57f.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA50-C1
x-cache
FunctionGeneratedResponse from cloudfront
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPL8MFS_wJm6-GV-L-5BBEJvvvWLqoX0Wo_5gmRCc7w964pajVNulMn3pzcmvIU65YnjC7UvQw4ReXBpvZnTZp4iVkYSGdg
cache-control
no-cache, must-revalidate
content-length
0
x-amz-cf-id
66wfImNyL3AmMgaWvKM_WtSEtpiZeiXW_4w2fKXcmaZqIeCb6Z_0zQ==
attr
cm.g.doubleclick.net/pixel/ Frame 43E3 		0
12 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K5xu-7kSQ0hrLINfcE3zY5rJ6pbmEg5as3bO4CrDrwkXoRlx4HnF9-zQPeuSWhBvTIVpZQ
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame E4BF 		80 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88c93c0c08742c1c370ffea548c761c0ea1fe1a4bb8ddabb3be155ee8fe7d1c4
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin
*
date
Thu, 25 Nov 2021 08:26:05 GMT
expires
Fri, 25 Nov 2022 08:26:05 GMT
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
content-length
19662
age
169157
cache-control
public, max-age=31536000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
abg_lite.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/ Frame EF25 		24 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:12:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
787
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9475
x-xss-protection
0
server
cafe
etag
15988442915344899701
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:12:15 GMT
window_focus.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame EF25 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/window_focus.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e371c9ea0fd636a3ecd29ae5e8413d144d470f77ca4bdda94b6e61ec3b980eb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:12:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
792
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1345
x-xss-protection
0
server
cafe
etag
11377196957905752455
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:12:10 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EF25 		119 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37119
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1636547677202025"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sat, 27 Nov 2021 07:25:22 GMT
qs_click_protection.js
tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/ Frame EF25 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20211111/r20110914/client/qs_click_protection.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1d165fe5be8abd1e2e92a5f471ba17c9d6721a7ef6ed77b0388763308701926e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:16:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
504
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7279
x-xss-protection
0
server
cafe
etag
7604824147042859696
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 11 Dec 2021 07:16:58 GMT
l
www.google.com/ads/measurement/ Frame EF25 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRvTVkwk79GFv5uVhGbo3OyfAIw8bMaGtCZK9p9paS8RmVxcjtfjt3VOWO0tXSf6zO5FTqx_RCVOmbcYzHDeAGf_Eodrg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
adview
googleads.g.doubleclick.net/pagead/ Frame EF25 		0
17 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C823PYd2hYbTOM8iCxgLwiqPwB7_0tJZlxsOa-NkNkPqJ50cQASDml9YlYJEEoAGmuJPrAsgBCakCf0-26Wnwsj6oAwHIA0iqBNgBT9DZvVwekbaRAWRGQepGHAWo056NkEboG0eVVuLkt9NbHPEl0FN_X6IWbXL4MxXGl9z9esBVzYmf9VH8leZ3p4AzlwBGIbGzJhuLr-L5mhzHddxlC91_YTiUhdUOkozzeVbg3qUcyvuRJRY4bS3-iuOR9be4Xhzu2mYlagyxiOAQW9L4nkWMMSrJEd6uu9Mj0d1Rd9e0TTsTq6eXGvyUXgRruiTr5u0RWqGmrxnTIJfvcUxR7wEMcINZSXK8_H5KMGuUMEidnQeXnP-P090tp51SHH4kB2bmwATnkLXNvAOSBQQIBBgBkgUECAUYBKAGLoAHwsfslAGoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHANIIBwiAYRABGADyCA5iaWRkZXItNDYwNTMyN4AKBMgLAdgTDYgUAtAVAYAXAbIXCAoGCAASABgA&sigh=hz0ktYsegLc&uach_m=[UACH]&pr=10:0.800964&template_id=419&vis=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Sat, 27 Nov 2021 07:25:22 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame 1FEC 		143 B
163 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html

Response headers

content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Sat, 27 Nov 2021 07:02:16 GMT
server
cafe
content-length
145
x-xss-protection
0
cache-control
public, max-age=3600
age
1386
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 3AA2 		215 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a8acbc0fa5ff9f288200b044f179264a7e096ebf666d6aea824ed4761c63868d

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 89C3 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 04:22:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10949
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sun, 28 Nov 2021 04:22:53 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 89C3 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:22:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61396
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 27 Nov 2021 14:22:06 GMT
truncated
/ Frame EF25 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e005e5b5bd0708c6d7cc6e8e34e7469749382adf152428af9fbc749aa93c5c5

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Content-Type
image/png
Enabler.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E4BF 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 04:22:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10949
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5866
x-xss-protection
0
server
cafe
etag
544157900006238945
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sun, 28 Nov 2021 04:22:53 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E4BF 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 14:22:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61396
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Sat, 27 Nov 2021 14:22:06 GMT
bg-arrow-970x90.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame 89C3 		317 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/bg-arrow-970x90.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bfe648aacb5cdcf19d850f54c68d244c2fdd65e7ab0bd48f39048891e229807b
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
null
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
568971
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
229
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Sat, 20 Nov 2021 17:22:31 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Nov 2022 17:22:31 GMT
bg-slide.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame 89C3 		140 B
168 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/bg-slide.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eff8b6d9be1eee63c8359b5d773e949f3220f184685cb46d6595dd5c7caef95
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
null
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
258090
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Wed, 24 Nov 2021 07:43:52 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 07:43:52 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 1FEC
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
16 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 27 Nov 2021 07:25:22 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Sat, 27 Nov 2021 07:25:22 GMT
cache-control
private

Redirect headers

location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control
private
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 27 Nov 2021 07:25:22 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
glowglasur.png
s0.2mdn.net/sadbundle/3721678403370467213/images/ Frame BCBE 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/images/glowglasur.png
Requested by
Host: f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
URL: https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
18b3f553ed4e99f00487ba3d580a56b277a3a9afac4fc2af47cd7d976054475a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:36 GMT
x-content-type-options
nosniff
age
412246
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2335
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:36 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame C27B 		0
23 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstTW4K5sYjpWAVUapPS3ghUACD1_9eCE8iJFkLWAhG90uGDwHbhlc_PyZsF5IhgeXiR6KZzXO4ZzMTt8ShsQKsUN7Gs-YiReiAnCA88NVgf1y8sHlgvcookbsQOCG12BqtLLQx4NJ6Dq_DsKqpiCSFOtw&sai=AMfl-YT4R5pSSpdthUQRkv3H_KV2UeF0iPbyrvQRQW6kvaEwxy7OxO705LRmLgqU2AzQ6qwFxeVf5xCz2nD6AtEQPw7lPBBiKALaJ18&sig=Cg0ArKJSzN4SbWP3MURIEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=550&vt=11&dtpt=388&dett=3&cstd=160&cisv=r20211111.66709&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.98 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Sat, 27 Nov 2021 07:25:22 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
bg-arrow-970x90.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame E4BF 		317 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/bg-arrow-970x90.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bfe648aacb5cdcf19d850f54c68d244c2fdd65e7ab0bd48f39048891e229807b
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
null
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
568971
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
229
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Sat, 20 Nov 2021 17:22:31 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Nov 2022 17:22:31 GMT
bg-slide.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame E4BF 		140 B
168 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/bg-slide.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2eff8b6d9be1eee63c8359b5d773e949f3220f184685cb46d6595dd5c7caef95
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
null
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
258090
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
138
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Wed, 24 Nov 2021 07:43:52 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 07:43:52 GMT
glowpro.png
s0.2mdn.net/sadbundle/3721678403370467213/images/ Frame BCBE 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/images/glowpro.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
63bf8d7e8ae2b2a8c524e239d20e7e648770b94a0eea9a8a7997052bbb277508
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:36 GMT
x-content-type-options
nosniff
age
412246
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1275
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:36 GMT
IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
pagead2.googlesyndication.com/bg/ Frame 89C3 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 02:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
17461
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13371
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 27 Nov 2022 02:34:21 GMT
logo.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame 89C3 		6 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/logo.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
706431832da1dc887051740282b400cc52c6cbf1b0d2a4ea47b9f3eaee2bb4fb
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
568971
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2383
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Sat, 20 Nov 2021 17:22:31 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Nov 2022 17:22:31 GMT
text-1-horizontal.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame 89C3 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/text-1-horizontal.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f407afb6e31e94afa02ee6432e02129cf43f15c7955e9f53c645c5d844d5019
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
568971
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1515
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Sat, 20 Nov 2021 17:22:31 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Nov 2022 17:22:31 GMT
button.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame 89C3 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/button.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b293da293e978e3003163a6591f1c97201ef6b6bb5906b9cf06f1230b6b526dd
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
169156
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1305
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Thu, 25 Nov 2021 08:26:06 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 25 Nov 2022 08:26:06 GMT
text-2-horizontal.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame 89C3 		2 KB
1011 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/text-2-horizontal.svg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9467ad6fddf355d39bd47963290339b7fc9821739f025fc0c367def44746014e
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
169157
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
973
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Thu, 25 Nov 2021 08:26:05 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 25 Nov 2022 08:26:05 GMT
bg-image.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame 89C3 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/bg-image.jpg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/render_post_ads_v1.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63c1a989826d295b0f82eb942dbea2e7a6440ea643782689d3d53ca05abfdfc8
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
258090
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56268
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Wed, 24 Nov 2021 07:43:52 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 07:43:52 GMT
IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
pagead2.googlesyndication.com/bg/ Frame E4BF 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/IDpL2rJiZrNY3rYqo4eIGDY6phXtx-GzYRENHMIWWlE.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 02:34:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
17461
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13371
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 11:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 27 Nov 2022 02:34:21 GMT
logo.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame E4BF 		6 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/logo.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
706431832da1dc887051740282b400cc52c6cbf1b0d2a4ea47b9f3eaee2bb4fb
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
568971
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2383
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Sat, 20 Nov 2021 17:22:31 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Nov 2022 17:22:31 GMT
text-1-horizontal.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame E4BF 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/text-1-horizontal.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f407afb6e31e94afa02ee6432e02129cf43f15c7955e9f53c645c5d844d5019
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
568971
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1515
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Sat, 20 Nov 2021 17:22:31 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Nov 2022 17:22:31 GMT
button.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame E4BF 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/button.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b293da293e978e3003163a6591f1c97201ef6b6bb5906b9cf06f1230b6b526dd
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
169156
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1305
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Thu, 25 Nov 2021 08:26:06 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 25 Nov 2022 08:26:06 GMT
text-2-horizontal.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame E4BF 		2 KB
1011 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/text-2-horizontal.svg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9467ad6fddf355d39bd47963290339b7fc9821739f025fc0c367def44746014e
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
169157
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
973
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Thu, 25 Nov 2021 08:26:05 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 25 Nov 2022 08:26:05 GMT
bg-image.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/ Frame E4BF 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/bg-image.jpg
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9446523524146044702/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63c1a989826d295b0f82eb942dbea2e7a6440ea643782689d3d53ca05abfdfc8
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options
nosniff
age
258090
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56268
x-xss-protection
0
last-modified
Wed, 24 Mar 2021 15:34:46 GMT
server
sffe
date
Wed, 24 Nov 2021 07:43:52 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Thu, 24 Nov 2022 07:43:52 GMT
dt
dt.adsafeprotected.com/ Frame C27B 		43 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=867523&asId=604a6246-d4f1-b993-9424-7a51c4659ca3&tv=%7Bc:v9nzuH,time:1117,type:e,im:%7Bpci:%7Btdr:1018%7D%7D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:1117,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1112~0%5D,as:%5B1112~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:135,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.36.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:22 GMT
X-Server-Name
dt40.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
glowshape.png
s0.2mdn.net/sadbundle/3721678403370467213/images/ Frame BCBE 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/images/glowshape.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
29b9db587496c6bd99e671af1dcb395dfa20c5bbf5ae26f0e2c0c85ed9614167
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:36 GMT
x-content-type-options
nosniff
age
412246
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2179
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:36 GMT
Pack.png
s0.2mdn.net/sadbundle/3721678403370467213/images/ Frame BCBE 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/images/Pack.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
4cac7ae10b642d991145505ed5ae9c55aa4f139e27900c8fe24acc2285612858
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:37 GMT
x-content-type-options
nosniff
age
412245
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22425
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:37 GMT
pro.png
s0.2mdn.net/sadbundle/3721678403370467213/images/ Frame BCBE 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/images/pro.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
e71fb1f132445ea4b054ac8165116bc0850ca64d16dfb8a5b9a1bf8363238682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:37 GMT
x-content-type-options
nosniff
age
412245
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12107
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:37 GMT
rock.png
s0.2mdn.net/sadbundle/3721678403370467213/images/ Frame BCBE 		20 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/images/rock.png
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
91ef4292bda21e32ea50392e2659cd158681f9b19f3cc11177ea62482928c4ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:37 GMT
x-content-type-options
nosniff
age
412245
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20877
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:37 GMT
rockbig.jpg
s0.2mdn.net/sadbundle/3721678403370467213/images/ Frame BCBE 		24 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/images/rockbig.jpg
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
34896f4a9ee1a27896ba8833180dce8bcccaeaa25566b7819b0126ec4822973d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:37 GMT
x-content-type-options
nosniff
age
412246
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24768
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:37 GMT
Water.jpg
s0.2mdn.net/sadbundle/3721678403370467213/images/ Frame BCBE 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/sadbundle/3721678403370467213/images/Water.jpg
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
3e5c7c0bdec79bc724927b3dec768e0f918b437070e4e268c92167b5b17ca49e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://s0.2mdn.net/sadbundle/3721678403370467213/Pronamel_ION_NL_728x90.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 22 Nov 2021 12:54:37 GMT
x-content-type-options
nosniff
age
412246
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6437
x-xss-protection
0
last-modified
Fri, 29 Oct 2021 09:45:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 22 Nov 2022 12:54:37 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 04AF 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstuvelEyeSC5Muhvoti9RAs42-yXgkpfXlNZAZm6m0zP_BT55XcOd5ubGLnCr2XGZIS9XV1NJP6_GloWX6NjMy7ua3WvKMJFCtB7_o2GIdycS162dw&sig=Cg0ArKJSzMqBOU2scy2fEAE&cid=CAASFeRoXhD3GBg822cc7HXk7ukn18GfCQ&id=lidar2&mcvt=1001&p=0,0,90,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=2930922563&exk=896681683&rs=5&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637997921320&rpt=559&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
adx.adform.net/adx/unload/ Frame 8290 		35 B
494 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://adx.adform.net/adx/unload/?1637997923215
Requested by
Host: s1.adform.net
URL: https://s1.adform.net/banners/scripts/adx.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.23 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires
-1
vevent
fra1-ib.adnxs.com/ Frame 0049 		0
823 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fbuhgalter911.com%2F&e=wqT_3QKMBvBMDAMAAAMA1gAFAQjhuoeNBhCH3v2iq_K_vxoYzMawrdKF7tBZKjYJsrtASYFF8T8Re6WH_I5c7T8ZAAAAIK5H8T8he6WH_I5c7T8psrsJJPS4AjEAAABA4XrEPzCI_rkIOKUVQOUeSGVQtaLLJVjSilZgAGjtyG94qY4FgAEBigEDVVNEkgEDRVVSmAHKB6ABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC6hDgArzVReoCGWh0dHBzOi8vYnVoZ2FsdGVyOTExLmNvbS-AAwCIAwGQAwCYAxegAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURieG9oSElydFIyQWcyZUVwT2xCUU9kYkYwVFcweWJwU25BM2s3X0VnTEZ3cm1VY19qWG9VV3RjTmZGaDR4T2ozM0xrazVFU1RVQTZ0MkJmWEZqMEIzVEFSUkh3JnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzE5MDkyNDQyOTc2MDgxMzAzMTEiCDc4ODI3ODI5KgQzOTQxOgEwwAOsAsgDANgDpZEw4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjEwOS4yMDEuMTQzLjYzqAQAsgQPCAAQARjKByBaKAAwADgCuAQAwATP4I4iyAQA2gQCCAHgBAHwBLWiyyWIBQGYBQCgBb3p3MHqvM-wMcAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcriRvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxMTkzNDc2OTM2NzG6Bw8IABAAGAAgADAAONkVQADIB6mOBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH-rsjiggCEAA.&s=7a02ee170a1e705e568682b5cbfd7762b9c337a5&type=pv&jm=1003|1015&px=0&py=0&bw=970&bh=90&sf=1&sid=2539957561915955141&vd=ct~0|rr~5&sv=221&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=17727240&ft=3
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/221/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 -, , ASN (),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
823fd599-a2cf-4d26-92a7-0a071be129e8
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
publishertag.prebid.113.js
static.criteo.net/js/ld/ Frame 8EA5 		85 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.113.js
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:23 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 12:50:31 GMT
server
nginx
etag
W/"6138b197-1532d"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 28 Nov 2021 07:25:23 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame C27B 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvqgy1AmeWZqoBOtKX2F_GcBhpNof9EajNXLdtfPSLPx1iSPjVxGQXCkbl5eHKjs-h9LvFpvBPtu5E2HOB0r90tZXfGwX9cCrQ7OYy1&sai=AMfl-YSOTQ62PpbQ-SPIq9GZ8WLEjU1kXauGxFAld8qIA_ibRUN2sYukIBDGWyYF_MMXxCd7CrOqoejOa71dNNzHtDTwXfrvR6L7Ydsn6-U0rT9AhrxeOUwsn5qPInM1&sig=Cg0ArKJSzBgxPYwwpXRbEAE&cid=CAASEuRoBNblnOiFnE199aJ4zOpePw&id=lidar2&mcvt=1002&p=40,405,130,1133&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2088783226&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637997920661&rpt=1697&isd=0&lsd=0&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
async_usersync
ib.adnxs.com/ Frame C152 		0
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=2725&pub_id=1119064&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=1119064
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
f1ff00b0-c4b7-4693-b2a1-ee1732b697af
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
syncframe
gum.criteo.com/ Frame 35E8 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
strict-transport-security
max-age=31536000
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
3422
date
Sat, 27 Nov 2021 07:25:22 GMT
content-length
4683
publishertag.prebid.js
static.criteo.net/js/ld/ Frame 8EA5 		83 KB
26 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.113.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:23 GMT
content-encoding
gzip
last-modified
Thu, 11 Nov 2021 06:35:11 GMT
server
nginx
etag
W/"618cb99f-14b33"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 28 Nov 2021 07:25:23 GMT
async_usersync
ib.adnxs.com/ Frame A153 		0
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=2725&pub_id=1119064&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=2725&pub_id=1119064
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
d36eb508-beca-418f-89fd-76f610f498ea
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
vevent
fra1-ib.adnxs.com/ Frame 1395 		0
823 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fbuhgalter911.com%2F&e=wqT_3QKMBvBMDAMAAAMA1gAFAQjhuoeNBhDg_faYs9mY9z8YzMawrdKF7tBZKjYJPL8oQX-h6T8RWm8vxEXJ5T8ZAAAAIK5H8T8hWm8vxEXJ5T8pPL8JJPS4AjEAAABA4XrEPzCI_rkIOKUVQOUeSGVQtaLLJVjSilZgAGjtyG9479YFgAEBigEDVVNEkgEDRVVSmAHKB6ABWqgBAbABALgBAcABBcgBAtABANgBAOABAPABANgC6hDgArzVReoCGWh0dHBzOi8vYnVoZ2FsdGVyOTExLmNvbS-AAwCIAwGQAwCYAxegAwGqA-oBCr8BaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvZ2VuXzIwND9pZD1hd2JpZCZhd2JpZF9iPUFLQW1mLURWdGFHeWpsZURmVXN3bnRYdUhLcHpCYTVJRUcwX09ZbV93Ty1JdFBlWmUwTWp5cVBHd3l1NkxILXVxdWRQdTdBN0UyUVBTVWpZUzliaXVFRG96UU5TekpmNkpRJnByPTEwOiR7QVVDVElPTl9QUklDRX0aEzQ2MDY3MjgwOTM3MjIwNjY2NTYiCDc4ODI3ODI5KgQzOTQxOgEwwAOsAsgDANgDpZEw4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjEwOS4yMDEuMTQzLjYzqAQAsgQPCAAQARjKByBaKAAwADgCuAQAwATP4I4iyAQA2gQCCAHgBAHwBLWiyyWIBQGYBQCgBZiEg6f9quKRc8AFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBcriRvoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbujwHaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCYBwGgBwGqBwwxMTkzNDc2OTM2NzG6Bw8IABAAGAAgADAAONkVQADIB-_WBdIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAH-rsjiggCEAA.&s=1b0259e7a839b63cd64083167a9111da6ec16ab9&type=pv&jm=1003&px=0&py=0&bw=970&bh=90&sf=1&sid=2539957561915955141&vd=ct~0|rr~5&sv=221&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=17727240&ft=3
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/221/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.250 -, , ASN (),
Reverse DNS
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 538.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
223c7ca7-9ce2-49a3-b7f5-e3b1646678fb
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://runwaff.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/ Frame 35E8
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=runwaff.com&sn=ChromeSyncframe&so=2&topUrl=buhgalter911.com&bundle=5hDI6F9QUjIlMkJlODB4OWNJZjB0b2tWSWJOeXAzWmVEJTJGOHJWZVAzRGhqQ2oxVllielJ...
  • https://mug.criteo.com/sid?cpp=ghJjzXwxaU1hcHF4VDBMSElIMDVJUS92dng2cHZtRVMxcDBTTysrYlRYdmtkU2lTVGJ1a1FnaUJBSzJzaklyRDl2UGJiR1NwQTRXL0xEbXdVSE9iZHVrUDlIK0NQZHp4L3U0a01iWWRPNXVBbmxCODJ5aDFZenZXYXJaT2...
430 B
621 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=ghJjzXwxaU1hcHF4VDBMSElIMDVJUS92dng2cHZtRVMxcDBTTysrYlRYdmtkU2lTVGJ1a1FnaUJBSzJzaklyRDl2UGJiR1NwQTRXL0xEbXdVSE9iZHVrUDlIK0NQZHp4L3U0a01iWWRPNXVBbmxCODJ5aDFZenZXYXJaT2N4V0JjeSt6N0k4cDl2ZFZIRXloRzVobnM1clBTSVhNME0vSUtlVzFPYmpRdVlSaVVOdEh4OUdCaU1UTXAzbUdoWktXMFRESVRiVXZRdVoySDhaMGVGdkNEY2hxYURpMkY3VmtsTVZid2tRM0ZZeHpxRk92Ujc5dkJ2Z3FubnErM0Q5aHRvVUhPTk1Qd3ZRc1o2ZWNTNEsvR24zQ2NVSFdJOHAydjVNVmE1NDVZR3NVK0dFUT18&cppv=2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
ed2fd4ff03ad69c2b6e53692d2d530ece2a12d06162628440f8ce89ff3f70fd3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:23 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3627
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 27 Nov 2021 07:25:22 GMT
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=ghJjzXwxaU1hcHF4VDBMSElIMDVJUS92dng2cHZtRVMxcDBTTysrYlRYdmtkU2lTVGJ1a1FnaUJBSzJzaklyRDl2UGJiR1NwQTRXL0xEbXdVSE9iZHVrUDlIK0NQZHp4L3U0a01iWWRPNXVBbmxCODJ5aDFZenZXYXJaT2N4V0JjeSt6N0k4cDl2ZFZIRXloRzVobnM1clBTSVhNME0vSUtlVzFPYmpRdVlSaVVOdEh4OUdCaU1UTXAzbUdoWktXMFRESVRiVXZRdVoySDhaMGVGdkNEY2hxYURpMkY3VmtsTVZid2tRM0ZZeHpxRk92Ujc5dkJ2Z3FubnErM0Q5aHRvVUhPTk1Qd3ZRc1o2ZWNTNEsvR24zQ2NVSFdJOHAydjVNVmE1NDVZR3NVK0dFUT18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1920
content-length
567
expires
0
publishertag.prebid.js
static.criteo.net/js/ld/ Frame 5AE5 		83 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:23 GMT
content-encoding
gzip
last-modified
Thu, 11 Nov 2021 06:35:11 GMT
server
nginx
etag
W/"618cb99f-14b33"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 28 Nov 2021 07:25:23 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 3AA2 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstD5D9FjdNzD4KFOreuPeBnzr4RxPHLivJmgrVa9_19m6Q4ia7U7Fcb1LRZmuf0LOn_zHaUf5ruX5H1CIdaaV2TFfkD41VbcYEUU5LsvdFdGlhA-ig&sig=Cg0ArKJSzH9zoAQ4QOk-EAE&cid=CAASFeRoF13i5c4BaZgIb60eNqtJ2bMOEQ&id=lidar2&mcvt=1001&p=0,0,90,970&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3532592921&exk=1767007030&rs=5&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637997921886&rpt=737&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
syncframe
gum.criteo.com/ Frame D14C 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
strict-transport-security
max-age=31536000
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
3342
date
Sat, 27 Nov 2021 07:25:23 GMT
content-length
4683
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter911.com%2F&domain=runwaff.com&cw=1&pbt=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://runwaff.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
https://runwaff.com
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1611
date
Sat, 27 Nov 2021 07:25:22 GMT
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/ Frame 8EA5
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fbuhgalter911.com%2F&domain=runwaff.com&cw=1&pbt=1&lsw=1
  • https://mug.criteo.com/sid?cpp=YrGrL3w0TlZrWE9HNnRWY2xnbG5jSjQxa2tjWkxiU1hoYlN5OXlBQ1VpKzVjQVlxam5TMHVRN2twZFI1VXlmSkIyb3h1bzJVMEFZT1JFcUVJM2pSNGNBeTNad0ljRnVBdjVDQXN4NnBKKzBkSkFCN3lDQ05GM2gvM0tvS3...
432 B
669 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=YrGrL3w0TlZrWE9HNnRWY2xnbG5jSjQxa2tjWkxiU1hoYlN5OXlBQ1VpKzVjQVlxam5TMHVRN2twZFI1VXlmSkIyb3h1bzJVMEFZT1JFcUVJM2pSNGNBeTNad0ljRnVBdjVDQXN4NnBKKzBkSkFCN3lDQ05GM2gvM0tvS3FUbmdLZVI4cE1Ea2xIanVtYk5qYVVBclhETFdYSFFUdWFBR0FTWDNZZWFnSDBTTDR3VG5ZNW9KK3dkNWE2S2hrdXF4OE5QeTNndFd0NTNZbU9YL2I3VmszdDJoelRFU0tETTVkYmFVR0JUeTBhZDRQRXc1RnFnTFZiSFhmQlBVSU5RUVBkOWovMWQwaEthY1czY0tWVzA3N0QrVHVZL25sNnZKZDdJNkRlU3JvZGVXU3Zmdz18&cppv=2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
710eaefbf0a4bcaa67733ed357220a8e9018476262b2f3ca8ae90821a79da99d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:23 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3202
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 27 Nov 2021 07:25:23 GMT
location
https://mug.criteo.com/sid?cpp=YrGrL3w0TlZrWE9HNnRWY2xnbG5jSjQxa2tjWkxiU1hoYlN5OXlBQ1VpKzVjQVlxam5TMHVRN2twZFI1VXlmSkIyb3h1bzJVMEFZT1JFcUVJM2pSNGNBeTNad0ljRnVBdjVDQXN4NnBKKzBkSkFCN3lDQ05GM2gvM0tvS3FUbmdLZVI4cE1Ea2xIanVtYk5qYVVBclhETFdYSFFUdWFBR0FTWDNZZWFnSDBTTDR3VG5ZNW9KK3dkNWE2S2hrdXF4OE5QeTNndFd0NTNZbU9YL2I3VmszdDJoelRFU0tETTVkYmFVR0JUeTBhZDRQRXc1RnFnTFZiSFhmQlBVSU5RUVBkOWovMWQwaEthY1czY0tWVzA3N0QrVHVZL25sNnZKZDdJNkRlU3JvZGVXU3Zmdz18&cppv=2
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://runwaff.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1778
content-length
567
expires
0
12.json
id5-sync.com/g/v2/ Frame 8EA5 		213 B
529 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/12.json
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.195.5.40 , France, ASN16276 (OVH, FR),
Reverse DNS
p17.id5-sync.com
Software
/
Resource Hash
33449f86b74afab1c711c8643debd12f183f23e2485856a69e77e56ffe1bbcfc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://runwaff.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://runwaff.com
Date
Sat, 27 Nov 2021 07:25:14 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
pd
u.openx.net/w/1.0/ Frame 74F9 		0
91 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.221.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.221.0
date
Sat, 27 Nov 2021 07:25:23 GMT
content-type
text/html
content-length
20
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sspmatch-iframe
ads.betweendigital.com/ Frame 59D5 		658 B
837 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.betweendigital.com/sspmatch-iframe
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.111.200.117 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
522ebf8104af5cee0d26cc27240d720e73a0be569adc89d0ccc81f9d8913e445

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

content-type
text/html
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
658
async_usersync.html
acdn.adnxs.com/dmp/ Frame 69FB 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 -, , ASN (),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Wed, 24 Nov 2021 05:35:57 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Sat, 27 Nov 2021 07:25:23 GMT
Age
6560
X-Served-By
cache-lga21983-LGA, cache-ams21083-AMS
X-Cache
HIT, HIT
X-Cache-Hits
1, 35307
X-Timer
S1637997924.699452,VS0,VE0
Vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame BA38 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Nov 2021 07:25:23 GMT
Connection
keep-alive
Vary
Accept-Encoding
ixmatch.html
js-sec.indexww.com/um/ Frame 4419 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

Server
Apache
Last-Modified
Thu, 11 Feb 2021 16:12:45 GMT
ETag
"e20015-90b-5bb11ca420f07"
Accept-Ranges
bytes
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
1151
Date
Sat, 27 Nov 2021 07:25:23 GMT
Connection
keep-alive
/
onetag-sys.com/usync/ Frame 2DBF 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1637997920498
Requested by
Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/moneybid5_19/build_noconsent/dist/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
um
u-ams02.e-planning.net/ Frame 8EA5
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3c01f1a5a54da346%26fi%3Dce294c34bf4c7569%26uid%3D%24UID
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D3c01f1a5a54da346%26fi%3Dce294c34bf4c7569%26uid%3D%24UID&sovrn_retry=true
  • https://u-ams02.e-planning.net/um?dc=3c01f1a5a54da346&fi=ce294c34bf4c7569&uid=0a7af39ef7aba6ceb46ee5e7
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=3c01f1a5a54da346&fi=ce294c34bf4c7569&uid=0a7af39ef7aba6ceb46ee5e7
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
5.178.65.245 -, , ASN (),
Reverse DNS
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:23 GMT
server
openresty
content-type
image/gif

Redirect headers

Date
Sat, 27 Nov 2021 07:25:23 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://u-ams02.e-planning.net/um?dc=3c01f1a5a54da346&fi=ce294c34bf4c7569&uid=0a7af39ef7aba6ceb46ee5e7
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
sid
mug.criteo.com/ Frame D14C
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=runwaff.com&sn=ChromeSyncframe&so=2&topUrl=buhgalter911.com&bundle=Xv2C5F9QUjIlMkJlODB4OWNJZjB0b2tWSWJOeXRpb084eUVVUURZbzBhQ3hKOUJuVWxJcU5...
  • https://mug.criteo.com/sid?cpp=IJWXb3xoOFVHaVNQY1FLVnZGWmlkRDZBZUNFZ2t6UEEza2JTVVhDdElWMERhYk9uSWtnWW1HZkZmTUF1YzZ4MFhTa1ZROTB4UGtSa1pTSk9vV1RNUFp2OGROMzBvRVNPNTB4bkhXck1KUzBEYnVmenprbEF1VHl5USsrbn...
419 B
615 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=IJWXb3xoOFVHaVNQY1FLVnZGWmlkRDZBZUNFZ2t6UEEza2JTVVhDdElWMERhYk9uSWtnWW1HZkZmTUF1YzZ4MFhTa1ZROTB4UGtSa1pTSk9vV1RNUFp2OGROMzBvRVNPNTB4bkhXck1KUzBEYnVmenprbEF1VHl5USsrbnJMV25DTTRlalozU3FrM1hFN3hSQXlRNVl2Y3RkMGYwRWZYL1VGSGFGTlk4c2IwSm1sZlZFTEl0MFZLbkxNTjFHOVhjcHROR0U0czN5Tzg4UXZwVXdjb25tWTdkUmZkSkVkN2dmdys5MEJwL1lWL29oSnFNRDNPcGEyOWpQYUROQ25wQytFK3UxTUpZZ1VmSVdyaE5Md3pJZHpRS2greEYwbFlRMjQ1RTZTNFFpaTliSDVRcz18&cppv=2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
765de0e56affe3c5adbc9a6956016354fc2d6551bf64462b6854c49ef05f0dbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:23 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2948
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 27 Nov 2021 07:25:23 GMT
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=IJWXb3xoOFVHaVNQY1FLVnZGWmlkRDZBZUNFZ2t6UEEza2JTVVhDdElWMERhYk9uSWtnWW1HZkZmTUF1YzZ4MFhTa1ZROTB4UGtSa1pTSk9vV1RNUFp2OGROMzBvRVNPNTB4bkhXck1KUzBEYnVmenprbEF1VHl5USsrbnJMV25DTTRlalozU3FrM1hFN3hSQXlRNVl2Y3RkMGYwRWZYL1VGSGFGTlk4c2IwSm1sZlZFTEl0MFZLbkxNTjFHOVhjcHROR0U0czN5Tzg4UXZwVXdjb25tWTdkUmZkSkVkN2dmdys5MEJwL1lWL29oSnFNRDNPcGEyOWpQYUROQ25wQytFK3UxTUpZZ1VmSVdyaE5Md3pJZHpRS2greEYwbFlRMjQ1RTZTNFFpaTliSDVRcz18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1863
content-length
567
expires
0
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=YrGrL3w0TlZrWE9HNnRWY2xnbG5jSjQxa2tjWkxiU1hoYlN5OXlBQ1VpKzVjQVlxam5TMHVRN2twZFI1VXlmSkIyb3h1bzJVMEFZT1JFcUVJM2pSNGNBeTNad0ljRnVBdjVDQXN4NnBKKzBkSkFCN3lDQ05GM2gvM0tvS3FUbmdLZVI4cE1Ea2xIanVtYk5qYVVBclhETFdYSFFUdWFBR0FTWDNZZWFnSDBTTDR3VG5ZNW9KK3dkNWE2S2hrdXF4OE5QeTNndFd0NTNZbU9YL2I3VmszdDJoelRFU0tETTVkYmFVR0JUeTBhZDRQRXc1RnFnTFZiSFhmQlBVSU5RUVBkOWovMWQwaEthY1czY0tWVzA3N0QrVHVZL25sNnZKZDdJNkRlU3JvZGVXU3Zmdz18&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1001
date
Sat, 27 Nov 2021 07:25:23 GMT
content-encoding
gzip
vary
Accept-Encoding
activeview
pagead2.googlesyndication.com/pcs/ Frame EF25 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthZZtknav-YJqgBSjZ4KvKy0tVQZnYKQO9w0jhFwfpx2iHDfkGRTkjckAsUWNZYMWCnXXVomMEYcJLVAj14OkwI6A6mwlwTPFLnZfM10zSUV-mzjw&sig=Cg0ArKJSzImMZyPt5EJ1EAE&cid=CAASFeRoJ9bhvr2X5j4-DL98PT5MGjAfhg&id=lidar2&mcvt=1018&p=0,0,90,970&mtos=1018,1018,1018,1018,1018&tos=1018,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3532592921&exk=1646929825&rs=5&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1637997922069&rpt=637&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame BA38 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:23 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Nov 2021 00:01:00 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=11187
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9512
Expires
Sat, 27 Nov 2021 10:31:50 GMT
async_usersync
ib.adnxs.com/ Frame 69FB 		0
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
181b9a00-e7b5-4028-b176-ee7832806736
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usermatch
ssum-sec.casalemedia.com/ Frame 0493 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
fd646e6648d187247efc4513828cbeec3fa1b53295ccaedae88193d89fb0e2a0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://js-sec.indexww.com/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
241|39|230|73|188|47|65|88
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1650
Expires
Sat, 27 Nov 2021 07:25:23 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
Connection
keep-alive
publishertag.prebid.js
static.criteo.net/js/ld/ Frame 7DA2 		83 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:23 GMT
content-encoding
gzip
last-modified
Thu, 11 Nov 2021 06:35:11 GMT
server
nginx
etag
W/"618cb99f-14b33"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sun, 28 Nov 2021 07:25:23 GMT
match
ads.betweendigital.com/ Frame 59D5
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=between
  • https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dbetween%26expires%3D30%26user_group%3D%24%...
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5&ssp=between&expires=30&user_group=1
  • https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f4c21355-b1f4-46d1-a732-a503bb51c5a8
68 B
607 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f4c21355-b1f4-46d1-a732-a503bb51c5a8
Requested by
Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol
H2
Server
23.111.200.117 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
68
content-type
image/png

Redirect headers

Location
//ads.betweendigital.com/match?bidder_id=22&external_user_id=f4c21355-b1f4-46d1-a732-a503bb51c5a8
Date
Sat, 27 Nov 2021 07:25:23 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
match
ads.betweendigital.com/ Frame 59D5
Redirect Chain
  • https://px.adhigh.net/p/cm/btw
  • https://px.adhigh.net/p/cm/btw?bounced=1
  • https://ads.betweendigital.com/match?bidder_id=37&external_user_id=uMPy7V1hYDJY.AikABlF9YEjOaw
68 B
607 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.betweendigital.com/match?bidder_id=37&external_user_id=uMPy7V1hYDJY.AikABlF9YEjOaw
Requested by
Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol
H2
Server
23.111.200.117 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:24 GMT
server
nginx
access-control-allow-origin
*
x-backend-id
f18-ru
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ads.betweendigital.com/match?bidder_id=37&external_user_id=uMPy7V1hYDJY.AikABlF9YEjOaw
cache-control
no-cache, no-store
access-control-allow-credentials
true
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
match
ads.betweendigital.com/ Frame 59D5
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.betweendigital.com%2Fmatch%3Fbidder_id%3D114%26external_user_id%3D%24UID
  • https://ads.betweendigital.com/match?bidder_id=114&external_user_id=0a7af39ef7aba6ceb46ee5e7
68 B
607 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.betweendigital.com/match?bidder_id=114&external_user_id=0a7af39ef7aba6ceb46ee5e7
Requested by
Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol
H2
Server
23.111.200.117 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
68
content-type
image/png

Redirect headers

Date
Sat, 27 Nov 2021 07:25:23 GMT
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://ads.betweendigital.com/match?bidder_id=114&external_user_id=0a7af39ef7aba6ceb46ee5e7
Access-Control-Allow-Credentials
true
Connection
close
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
match
ads.betweendigital.com/ Frame 59D5
Redirect Chain
  • https://sync.bumlam.com/?src=bw1&uid=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5
  • https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABjjuoeNBlIFvp7KygpiJGQ4Y2I2MWYyLTBmZjAtNTE0Yi05YWRjLTc0YjhmYjdkYTllNQ**
  • https://sync3.adsniper.ru/?src=ss1&s_data=CAIQARjjuoeNBlIFvp7KygpiJGQ4Y2I2MWYyLTBmZjAtNTE0Yi05YWRjLTc0YjhmYjdkYTllNaIBEC-Bv-pPUxHspukAJZDIJDc*
  • https://sync.bumlam.com/?src=bw1&s_data=CAIQABjjuoeNBmIkZDhjYjYxZjItMGZmMC01MTRiLTlhZGMtNzRiOGZiN2RhOWU1ogEQL4G_6k9TEeym6QAlkMgkNw**
  • https://sync.bumlam.com/?src=bw1&s_data=CAIQARjjuoeNBmIkZDhjYjYxZjItMGZmMC01MTRiLTlhZGMtNzRiOGZiN2RhOWU1ogEQL4G_6k9TEeym6QAlkMgkNw**
  • https://ads.betweendigital.com/match?bidder_id=18&external_user_id=2f81bfea-4f53-11ec-a6e9-002590c82437
68 B
607 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.betweendigital.com/match?bidder_id=18&external_user_id=2f81bfea-4f53-11ec-a6e9-002590c82437
Requested by
Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol
H2
Server
23.111.200.117 , Russian Federation, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
68
content-type
image/png

Redirect headers

Date
Sat, 27 Nov 2021 07:25:24 GMT
Server
nginx
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location
https://ads.betweendigital.com/match?bidder_id=18&external_user_id=2f81bfea-4f53-11ec-a6e9-002590c82437
Cache-Control
no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
bidder_18.html
cache.betweendigital.com/code/ Frame 4C6D 		4 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cache.betweendigital.com/code/bidder_18.html?USER_ID=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5&CACHEBUSTER=130266
Requested by
Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
151.236.118.210 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
0efe00c23297e5c56485eabb6ea548c2669b896704fcb2c426d898148543ccad

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://ads.betweendigital.com/

Response headers

server
nginx
date
Sat, 27 Nov 2021 07:25:23 GMT
content-type
text/html
last-modified
Tue, 08 Jun 2021 15:45:03 GMT
etag
W/"60bf907f-ee9"
content-encoding
gzip
syncframe
gum.criteo.com/ Frame E239 		11 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=buhgalter911.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
strict-transport-security
max-age=31536000
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
3224
date
Sat, 27 Nov 2021 07:25:23 GMT
content-length
4683
dcm
s.amazon-adsystem.com/ Frame 0493
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
52.46.130.91 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:24 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
TQST1XPJNA4XACXE2T01
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:24 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
TW69E67K49RT993BP00Z
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 0493 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
usermatchredir
ssum-sec.casalemedia.com/ Frame 0493
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB&gdpr_consent=&us_privacy=&gdpr=1
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEJUhXQFGngoD0BgMoXu8X34&google_cver=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEJUhXQFGngoD0BgMoXu8X34&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Sat, 27 Nov 2021 07:25:23 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEJUhXQFGngoD0BgMoXu8X34&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
343
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 0493 		43 B
872 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YaHdYTD9tT3o9naxhQZTEgAABLsAAAAB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:1ae5:2286:b535:86e4 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:23 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
CookieIndex
rtb.adentifi.com/ Frame 0493 		0
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieIndex
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.86.185.173 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
0
Content-Type
text/plain
crum
dsum-sec.casalemedia.com/ Frame 0493
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=CJmHPDFI1MQS5j5&gdpr=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=CJmHPDFI1MQS5j5&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Sat, 27 Nov 2021 07:25:23 GMT

Redirect headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
Server
PingMatch/v2.0.30-691-gbabbd08#rel-ec2-master i-02cbf440f9d738c39@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
P3P
policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=CJmHPDFI1MQS5j5&gdpr=1
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum.casalemedia.com/ Frame 0493
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1638084323&gdpr=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1638084323&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:23 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Sat, 27 Nov 2021 07:25:23 GMT

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1638084323&gdpr=1
pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame 0493 		85 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:23 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1637997924.870488,VS0,VE89
x-served-by
cache-ams21043-AMS
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin
*
cache-control
no-cache
accept-ranges
bytes
content-type
image/png
content-length
85
x-cache-hits
0
htw-pixel.gif
js-sec.indexww.com/ht/ Frame 0493 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://js-sec.indexww.com/ht/htw-pixel.gif?YaHdYTD9tT3o9naxhQZTEgAA%261211
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://runwaff.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:23 GMT
Last-Modified
Tue, 24 Jan 2017 19:36:04 GMT
Server
Apache
ETag
"da1f1d-2b-546dc3a097100"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2129
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
Expires
Sat, 27 Nov 2021 08:00:52 GMT
sid
mug.criteo.com/ Frame E239
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=runwaff.com&sn=ChromeSyncframe&so=2&topUrl=buhgalter911.com&bundle=WleC619QUjIlMkJlODB4OWNJZjB0b2tWSWJOeXJjQVgwUEJvMG04enlDS1BQYW9oc21BVGo...
  • https://mug.criteo.com/sid?cpp=fVR093wvVWpESXJKVVlDMk5yTWY4RkEreDhGRkJsTXJDc2cvU0lCb3FXSkllN1FjQStnSTA4RWl6RXRnZ2J2NmNxbGNlbGxxYmtocThhVnJIUi8wRW10bmtvZkU2Wi9HVTJPaWpzQ1E5enJFejdoUXpOK2tkYzNvdEpMb0...
419 B
615 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=fVR093wvVWpESXJKVVlDMk5yTWY4RkEreDhGRkJsTXJDc2cvU0lCb3FXSkllN1FjQStnSTA4RWl6RXRnZ2J2NmNxbGNlbGxxYmtocThhVnJIUi8wRW10bmtvZkU2Wi9HVTJPaWpzQ1E5enJFejdoUXpOK2tkYzNvdEpMb05ILy9jb05rbDR0YW1LR0RsWFpMOWtXU0dFMzdxaWJwZFgzQzhaUFREVzcwcm1CQ3RUTitLZFZGUUVTa3hLWUhhV0ZqazgxUjJTVHZpZ28zbExYNGxYMEdhVzV1S2hrTDQwS1VFeldXZzNwSjJQM2l3MUJPYjhXWERPSFZLTUtjUUQzbGxtTU9vK0xUM3pwSHJmeFlmRVo1NmFQemR2QjkyNHhEYkV1SlVlMTRESDFjYVZydz18&cppv=2
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
62ced833a0d5fe586b01ae6f47ca164b23950e87fed50fac73c07aa4586d929b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Sat, 27 Nov 2021 07:25:23 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
3922
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sat, 27 Nov 2021 07:25:22 GMT
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=fVR093wvVWpESXJKVVlDMk5yTWY4RkEreDhGRkJsTXJDc2cvU0lCb3FXSkllN1FjQStnSTA4RWl6RXRnZ2J2NmNxbGNlbGxxYmtocThhVnJIUi8wRW10bmtvZkU2Wi9HVTJPaWpzQ1E5enJFejdoUXpOK2tkYzNvdEpMb05ILy9jb05rbDR0YW1LR0RsWFpMOWtXU0dFMzdxaWJwZFgzQzhaUFREVzcwcm1CQ3RUTitLZFZGUUVTa3hLWUhhV0ZqazgxUjJTVHZpZ28zbExYNGxYMEdhVzV1S2hrTDQwS1VFeldXZzNwSjJQM2l3MUJPYjhXWERPSFZLTUtjUUQzbGxtTU9vK0xUM3pwSHJmeFlmRVo1NmFQemR2QjkyNHhEYkV1SlVlMTRESDFjYVZydz18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1904
content-length
567
expires
0
tap.php
pixel.rubiconproject.com/ Frame BA38
Redirect Chain
  • https://rbp.mxptint.net/sn.ashx
  • https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R1B342_E732EB44_1E96AA270&expires=60
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R1B342_E732EB44_1E96AA270&expires=60
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
29af2665c43893332e84c235bac366c1
Content-Type
image/gif

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=14321&nid=2313&put=R1B342_E732EB44_1E96AA270&expires=60
Date
Sat, 27 Nov 2021 07:25:23 GMT
Cache-Control
private
P3P
CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE", CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length
227
Strict-Transport-Security
max-age=-320984724; includeSubDomains
Content-Type
text/html; charset=utf-8
tap.php
pixel.rubiconproject.com/ Frame BA38
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=64
  • https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5108559721741485486&expires=30
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5108559721741485486&expires=30
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
0190a17a18f2299b1b85aeb1793e601c
Content-Type
image/gif

Redirect headers

Location
https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=5108559721741485486&expires=30
Date
Sat, 27 Nov 2021 07:25:23 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame BA38
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/tap.php?v=1053074&nid=2179&put=Dgss8YzKTXyy921BJs-auw&next=https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Server
52.46.130.91 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:24 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
RXE3VS8Y56WNC3Q43FMJ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
19c1ac3b9706c83a73951eba4d239689
Expires
0
ecm3
aax-eu.amazon-adsystem.com/s/ Frame BA38
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/tap.php?v=1053074&nid=2179&put=GeTAoQc8TTOqYm6zseaBmA&next=https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT
43 B
556 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Server
54.239.38.253 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:24 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
22VMEXD8F3GWMP8WD3ZE
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
84e0f527cd81a00b0210e20b4ee7ed94
Expires
0
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame BA38 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=54
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.128 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers
current
rubicon-match.dotomi.com/match/bounce/ Frame BA38
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2046&pt=n&a=1
  • https://rubicon-match.dotomi.com/match/bounce/current?networkId=12783&version=1&nuid=aVV9vetRD5IISXYj824rTA
0
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rubicon-match.dotomi.com/match/bounce/current?networkId=12783&version=1&nuid=aVV9vetRD5IISXYj824rTA
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
2a02:fa8:8806:16::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:24 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0

Redirect headers

Location
https://rubicon-match.dotomi.com/match/bounce/current?networkId=12783&version=1&nuid=aVV9vetRD5IISXYj824rTA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
20e8391fc78a9019eb67dba4b22f0ac2
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame BA38
Redirect Chain
  • https://onetag-sys.com/bridge/e,4
  • https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
9e7742894a018a40b59a2ed2117c85b5
Content-Type
image/gif

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=
strict-transport-security
max-age=15552000
cache-control
no-cache, no-transform
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
tap.php
pixel.rubiconproject.com/ Frame BA38
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=560687&ev=1&rurl=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D390200%26nid%3D5120%26put%3D%25%25VGUID%25%25
  • https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=IPyTDkBOtOAc&ev=1&pid=560687
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=IPyTDkBOtOAc&ev=1&pid=560687
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
19ea072139d67f7022c6e463249c998e
Content-Type
image/gif

Redirect headers

strict-transport-security
max-age=15768000
server
Jetty(9.4.14.v20181114)
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
nl-NL
location
https://pixel.rubiconproject.com/tap.php?v=390200&nid=5120&put=IPyTDkBOtOAc&ev=1&pid=560687
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-544c4f9c45-6vt9p
expires
-1
sync
odr.mookie1.com/t/v2/ Frame 4C6D
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=between
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=f4c21355-b1f4-46d1-a732-a503bb51c5a8&ssp=between&gdpr=&gdpr_consent=
43 B
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=f4c21355-b1f4-46d1-a732-a503bb51c5a8&ssp=between&gdpr=&gdpr_consent=
Requested by
Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol
H2
Server
34.98.67.61 -, , ASN (),
Reverse DNS
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://cache.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:24 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
//odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=f4c21355-b1f4-46d1-a732-a503bb51c5a8&ssp=between&gdpr=&gdpr_consent=
Date
Sat, 27 Nov 2021 07:25:23 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
/
sync3.sniperlog.ru/ Frame 4C6D
Redirect Chain
  • https://sync.bumlam.com/?src=aid0
  • https://x01.aidata.io/0.gif?pid=ADSNIPER&id=2f81bfea-4f53-11ec-a6e9-002590c82437
  • https://x01.aidata.io/0.gif?pid=ADSNIPER&id=2f81bfea-4f53-11ec-a6e9-002590c82437&bounce=1
  • https://sync.bumlam.com/?src=aid1&uid=247Sc35FrB85tdO4Hmtztw&
  • https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_cm&extra1=247Sc35FrB85tdO4Hmtztw&extra2=aidata
  • https://sync3.sniperlog.ru/?src=ggl&extra1=247Sc35FrB85tdO4Hmtztw&extra2=aidata&google_gid=CAESEC0c4bqhHNnDJEDX2qKhNJY&google_cver=1
43 B
516 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync3.sniperlog.ru/?src=ggl&extra1=247Sc35FrB85tdO4Hmtztw&extra2=aidata&google_gid=CAESEC0c4bqhHNnDJEDX2qKhNJY&google_cver=1
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Server
31.172.81.158 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://cache.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:24 GMT
Cache-Control
no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Server
nginx
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:24 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync3.sniperlog.ru/?src=ggl&extra1=247Sc35FrB85tdO4Hmtztw&extra2=aidata&google_gid=CAESEC0c4bqhHNnDJEDX2qKhNJY&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
345
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
23783032
mc.yandex.ru/webvisor/ 		43 B
145 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mc.yandex.ru/webvisor/23783032?wmode=0&wv-part=9&wv-hit=68511116&page-url=https%3A%2F%2Fbuhgalter911.com%2F&rn=508936288&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1637997924%3Aw%3A1600x1200%3Av%3A700%3Az%3A0%3Ai%3A20211127072524%3Au%3A163799791715291278%3Avf%3A4bjmbg7omqwgt7numv%3Awe%3A1%3Ast%3A1637997924&t=gdpr(14)ti(2)
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://buhgalter911.com/
Accept-Language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:24 GMT
last-modified
Sat, 27-Nov-2021 07:25:24 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://buhgalter911.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Sat, 27-Nov-2021 07:25:24 GMT
usync.html
eus.rubiconproject.com/ Frame C80E
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=btwnex&endpoint=eu
  • https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Requested by
Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5&CACHEBUSTER=130266
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
about:blank

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Nov 2021 07:25:24 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Date
Sat, 27 Nov 2021 07:25:24 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
dt
dt.adsafeprotected.com/ Frame C27B 		43 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=867523&asId=604a6246-d4f1-b993-9424-7a51c4659ca3&tv=%7Bc:v9nzWM,pingTime:1,time:2858,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D,%7Bpiv:100,vs:i,r:,t:1857%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1857,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1852~0,1~100%5D,as:%5B1853~728.90%5D%7D%7D,%7Bsl:i,t:1857,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:148,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.36.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:24 GMT
X-Server-Name
dt40.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/ Frame C27B 		43 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=867523&asId=604a6246-d4f1-b993-9424-7a51c4659ca3&tv=%7Bc:v9nzWN,pingTime:1,time:2859,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D,%7Bpiv:100,vs:i,r:,t:1857%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1002,o:1857,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1852~0,1~100%5D,as:%5B1853~728.90%5D%7D%7D,%7Bsl:i,t:1857,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:148,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.36.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:24 GMT
X-Server-Name
dt45.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
dt
dt.adsafeprotected.com/ Frame C27B 		43 B
301 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=867523&asId=604a6246-d4f1-b993-9424-7a51c4659ca3&tv=%7Bc:v9nzWN,pingTime:1,time:2859,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:21%7D,%7Bpiv:100,vs:i,r:,t:1857%7D%5D,es:0,sc:1,ha:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1002,o:1857,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:20,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1852~0,1~100%5D,as:%5B1853~728.90%5D%7D%7D,%7Bsl:i,t:1857,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:148,fm:sPWMlLw+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c%7C1d111*.867523-58678884%7C1d1111%7C1d11121%7C1d121%7C1d13%7C1e%7C1f%7C1g1%7C1g2%7C1g311%7C1g32%7C1h1%7C1h2%7C1h3%7C1i11%7C1i12%7C1j11%7C1j12%7C1j13%7C1k%7C1l1%7C1m11%7C1m12%7C1n1%7C1n2%7C1n3%7C1o,idMap:1d111*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:publ1,cmr:t%7D&br=c
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.36.20 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:24 GMT
X-Server-Name
dt55.303net.pvt
P3P
CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Server
nginx
usync.js
eus.rubiconproject.com/ Frame C80E 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-109-78-125.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Sat, 27 Nov 2021 07:25:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 10 Nov 2021 00:01:00 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=11186
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9512
Expires
Sat, 27 Nov 2021 10:31:50 GMT
sync.php
pixel-eu.rubiconproject.com/exchange/ Frame C80E 		0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel-eu.rubiconproject.com/exchange/sync.php?p=btwnex
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.165 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Content-Type
image/gif
130266
www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/ Frame 4C6D
Redirect Chain
  • https://www.tns-counter.ru/V13a****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/130266
  • https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/130266
43 B
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/130266
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
2001:6d0:4001::226 -, , ASN (),
Reverse DNS
Software
ms-counter-3.2.14/1.20.1 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://cache.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:24 GMT
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
ms-counter-3.2.14/1.20.1
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin
*
content-length
43
expires
Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:24 GMT
server
ms-counter-3.2.14/1.20.1
strict-transport-security
max-age=2678400
content-type
image/gif
location
https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/130266
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin
*
content-length
0
expires
Thu, 01 Jan 1970 00:00:01 GMT
async_usersync
ib.adnxs.com/ Frame 69FB 		0
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 27 Nov 2021 07:25:24 GMT
X-Proxy-Origin
109.201.143.63; 109.201.143.63; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
bc40bbb4-3968-49b0-92c8-d395a5f5dff2
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ImgSync
image8.pubmatic.com/AdServer/ Frame 5AE5
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent=
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=2e5b54d5-4f53-11ec-b930-65692a6201a5&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
179 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
198.47.127.18 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:24 GMT
cache-control
private,max-age=86400
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Sat, 27 Nov 2021 07:25:25 GMT
cache-control
no-store, no-cache, private
x-lat
lhrpug010:0:449
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
/
ssc-cms.33across.com/ps/ Frame 4C6D
Redirect Chain
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5&expires=60
  • https://matching.kubient.net/match/bidswitch?id=f4c21355-b1f4-46d1-a732-a503bb51c5a8&gdpr=&consent=&usp=
  • https://matching.kubient.net/match/bidswitch?id=f4c21355-b1f4-46d1-a732-a503bb51c5a8&gdpr=&consent=&usp=&chk=1
  • https://ssc-cms.33across.com/ps/?ri=0010b000018ldWcAAI&ru=https%3A%2F%2Fmatching.kubient.net%2Fmatch%2F33across%3Fid%3D33XUSERID33X%26fp%3D1860323048
0
72 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssc-cms.33across.com/ps/?ri=0010b000018ldWcAAI&ru=https%3A%2F%2Fmatching.kubient.net%2Fmatch%2F33across%3Fid%3D33XUSERID33X%26fp%3D1860323048
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
67.202.105.23 -, , ASN (),
Reverse DNS
Software
33XP004 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://cache.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-33x-status
2000208
date
Sat, 27 Nov 2021 07:25:24 GMT
server
33XP004

Redirect headers

date
Sat, 27 Nov 2021 07:25:25 GMT
x-content-type-options
nosniff
server
nginx
x-frame-options
SAMEORIGIN
location
https://ssc-cms.33across.com/ps/?ri=0010b000018ldWcAAI&ru=https%3A%2F%2Fmatching.kubient.net%2Fmatch%2F33across%3Fid%3D33XUSERID33X%26fp%3D1860323048
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
0
x-xss-protection
1; mode=block
ImgSync
image8.pubmatic.com/AdServer/ Frame 7DA2 		0
96 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=156400&gdpr=0&gdpr_consent=
Requested by
Host: cdn.projectagora-adtag-library.com
URL: https://cdn.projectagora-adtag-library.com/prebid325/latest/prebid.3-25.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.18 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://runwaff.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 07:25:24 GMT
cache-control
private,max-age=86400
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
/
onetag-sys.com/usync/ Frame BC8E 		2 KB
814 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=5d1628750185ace
Requested by
Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5&CACHEBUSTER=130266
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip254.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
nl-NL,nl;q=0.9
Referer
https://cache.betweendigital.com/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5
an.yandex.ru/mapuid/betweendigitalis/ Frame 4C6D
Redirect Chain
  • https://ads.betweendigital.com/match?bidder_id=43554&callback_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbetweendigitalis%2Fd8cb61f2-0ff0-514b-9adc-74b8fb7da9e5
  • https://an.yandex.ru/mapuid/betweendigitalis/d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5
43 B
387 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://an.yandex.ru/mapuid/betweendigitalis/d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Server
2a02:6b8::90 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://cache.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:26 GMT
content-encoding
gzip
last-modified
Sat, 27 Nov 2021 07:25:26 GMT
p3p
CP="NOI DEVa TAIa OUR BUS UNI STA"
strict-transport-security
max-age=31536000
content-type
image/gif; charset=utf-8
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Sat, 27 Nov 2021 07:25:26 GMT

Redirect headers

location
https://an.yandex.ru/mapuid/betweendigitalis/d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
sync
t.adx.opera.com/ Frame 4C6D 		0
410 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.adx.opera.com/sync?vendor=60079&uid=d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5
Requested by
Host: buhgalter911.com
URL: https://buhgalter911.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
82.145.213.8 -, , ASN (),
Reverse DNS
Software
Tengine /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
nl-NL,nl;q=0.9
Referer
https://cache.betweendigital.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 27 Nov 2021 07:25:26 GMT
server
Tengine
access-control-allow-methods
POST, GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length
0
expires
Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
sync.adtelligent.com
URL
https://sync.adtelligent.com/csync?t=a&ep=319130&extuid=a33c07a5-2bc4-4040-82d7-a80596d12e56
Domain
sync.adtelligent.com
URL
https://sync.adtelligent.com/csync?&redir=https%3A%2F%2Ft.trafmag.com%2Fimages%2Fimages%2F1px-matching-adtelligent.gif%3Fid%3D%7Buid%7D
Domain
trc.taboola.com
URL
https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
Domain
sync.1rx.io
URL
https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
Domain
s.tribalfusion.com
URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Domain
pixel.onaudience.com
URL
https://pixel.onaudience.com/?partner=214&mapped=E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6
Domain
pool.admedo.com
URL
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=f4c21355-b1f4-46d1-a732-a503bb51c5a8
Domain
simage2.pubmatic.com
URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=6458645844671079244
Domain
pixel.rubiconproject.com
URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5606672386949604279
Domain
token.rubiconproject.com
URL
https://token.rubiconproject.com/token?pid=25470
Domain
token.rubiconproject.com
URL
https://token.rubiconproject.com/token?pid=2249&pt=n
Domain
token.rubiconproject.com
URL
https://token.rubiconproject.com/token?pid=26594
Domain
pixel.rubiconproject.com
URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEOiNTdOpjigiaIPTWtJ4p_s&google_cver=1
Domain
pixel.rubiconproject.com
URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=9f1a61a1-dd60-4800-a0e8-eba924af4396&expires=28
Domain
csm.nl.eu.criteo.net
URL
https://csm.nl.eu.criteo.net/iev?entry=c~Gum.ChromeSyncframe.CookieRead.uid~1&entry=c~Gum.ChromeSyncframe.SidReadSuccess~1&entry=h~Gum.ChromeSyncframe.SidReadSuccessDuration~238

Verdicts & Comments Add Verdict or Comment

120 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| __o string| GoogleAnalyticsObject function| ga object| dataLayer function| catfish number| dayMs number| cb string| vpbSrc string| gptSrc object| c function| loadScript object| gptadslots object| googletag string| url object| active object| elementsMenu object| elementsMenuArray undefined| elementMenu object| gravitecWebpackJsonp number| _subscriptionStrategy object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| vpb object| gapi object| ___jsl object| google_tag_manager function| fbq function| _fbq function| ym object| config_accounts function| bannerAvailable function| removeOverlay function| showOverlay function| setTopStickyScroll function| $ function| jQuery function| UISearch object| classie object| AccountsManager object| _fpFactor function| blanksAuthTracker function| buyTrackerGA function| gsc object| name99now object| google_optimize object| ggeac object| google_js_reporting_queue object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow function| onYouTubeIframeAPIReady object| sumome object| webpackJsonpsumome function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| vmpbjsChunk object| vmpbjs object| _pbjsGlobals object| GravitecConfig object| Gravitec object| WLPush object| Ya object| yaCounter23783032 undefined| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| Criteo object| sumo object| webpackJsonp_getsitecontrol object| litHtmlVersions object| criteo_pubtag object| criteo_pubtag_prebid_113 object| Criteo_prebid_113 object| cintvls number| inmo object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager boolean| __smLoaded object| jQuery110205724594875798006

134 Cookies

Domain/Path Name / Value
buhgalter911.com/ Name: leads
Value: a%3A1%3A%7Bs%3A13%3A%22subscr_source%22%3Ba%3A3%3A%7Bs%3A11%3A%22create_date%22%3Bs%3A10%3A%222021-11-27%22%3Bs%3A6%3A%22source%22%3Ba%3A4%3A%7Bs%3A10%3A%22utm_source%22%3Bs%3A6%3A%22direct%22%3Bs%3A10%3A%22utm_medium%22%3Bs%3A4%3A%22none%22%3Bs%3A3%3A%22url%22%3Bs%3A24%3A%22http%3A%2F%2Fbuhgalter911.com%2F%22%3Bs%3A11%3A%22refererData%22%3Ba%3A2%3A%7Bs%3A11%3A%22refererPath%22%3Bs%3A24%3A%22http%3A%2F%2Fbuhgalter911.com%2F%22%3Bs%3A7%3A%22referer%22%3Bs%3A16%3A%22buhgalter911.com%22%3B%7D%7Ds%3A2%3A%22ga%22%3Ba%3A1%3A%7Bs%3A3%3A%22cid%22%3Bs%3A36%3A%22695e50fe-c730-4fd6-85b4-6bd64469be5d%22%3B%7D%7D%7D
.buhgalter911.com/ Name: _gid
Value: GA1.2.1344761388.1637997917
.google.com/ Name: NID
Value: 511=GUeIpzQ70nhvCztkMki5rOjS2vn6SfUaX9ad0sMy7F187yrBdA54mlianX2sUP_IohBl8jp7G6CnpwyGZUWSVF0OwNyXWeW0nSfBmTeZJmuz4LGwODqP2QqCK5ZHJqbzAtyaTQ1XOVe6Wd35gmSwLkHvpNMwF4ExA63-WHl13yM
.adtelligent.com/ Name: vmuid
Value: a558b964dbf2661e
.youtube.com/ Name: YSC
Value: yt6UW89gEjQ
.buhgalter911.com/ Name: mL78zW0
Value: 1
.buhgalter911.com/ Name: __fp2_f2
Value: 277F0YLy5U3DbYDvg44nJ6Gs0YHymq4y
.buhgalter911.com/ Name: Z2S0YvM
Value: 1
.buhgalter911.com/ Name: _faguid
Value: 277F0YLy5U3DbYDvg44nJ6Gs0YHymq4y
buhgalter911.com/ Name: __factor_utm
Value: %7B%22utm_medium%22%3A%22none%22%2C%22utm_source%22%3A%22direct%22%2C%22utm_campaign%22%3Anull%2C%22utm_content%22%3Anull%2C%22utm_term%22%3Anull%2C%22url_path%22%3A%22https%3A%2F%2Fbuhgalter911.com%2F%22%2C%22refer%22%3A%22%22%2C%22site%22%3A%22buhgalter911.com%22%7D
.buhgalter911.com/ Name: _gat
Value: 1
.buhgalter911.com/ Name: _gat_UA-47379603-1
Value: 1
.buhgalter911.com/ Name: _gat_UA-53572572-5
Value: 1
.buhgalter911.com/ Name: _ga_P1T6QELT3W
Value: GS1.1.1637997916.1.0.1637997916.60
.buhgalter911.com/ Name: _ga
Value: GA1.1.863088088.1637997917
.buhgalter911.com/ Name: _ym_uid
Value: 163799791715291278
.buhgalter911.com/ Name: _ym_d
Value: 1637997917
buhgalter911.com/ Name: cbtYmTName
Value: /oXcl5rcxNydy8vLzsvMyJqcysrKn5rK3IOx
.yandex.ru/ Name: ymex
Value: 1669533917.yrts.1637997917#1669533917.yrtsi.1637997917
.yandex.ru/ Name: yandexuid
Value: 395713051637997917
.yandex.ru/ Name: yuidss
Value: 395713051637997917
mc.yandex.ru/ Name: yabs-sid
Value: 1260670461637997917
.yandex.ru/ Name: i
Value: agx0yZQxfnyu8i/ntKBg+9w4IIS2y3xaTUnK80KtRpqxDGukkEPzymTmZBb4k3wSgHm4d+mxyq4n9oXtA7VJNV/VVz0=
.buhgalter911.com/ Name: _fbp
Value: fb.1.1637997917141.1519329046
buhgalter911.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
buhgalter911.com/ Name: _pubcid
Value: 6078ca1e-356b-4e95-bceb-b89a8a51d799
.doubleclick.net/ Name: IDE
Value: AHWqTUk9Oyg5M8f-D58K8m8K85INvajDwfBSccBh404TnRDrCM8AX-f_btIrYK_67Go
.facebook.com/ Name: fr
Value: 0SB7JweoIr3NinJwX..Bhod1d...1.0.Bhod1d.
buhgalter911.com/ Name: __smVID
Value: a4d75498383cdc1ca4136671113d0b1a0b00b77c7a5906c0ddd95d5964ae9b86
pbjs.e-planning.net/ Name: CT
Value: 1
loadercdn.net/ Name: vui
Value: ebdbcdc66685445eb7e5b7b9a6c9c8ae
.buhgalter911.com/ Name: _ym_isad
Value: 2
.buhgalter911.com/ Name: __gads
Value: ID=a3ee430318fc9197:T=1637997917:S=ALNI_MaQJL4RNQmddoDZ7fhGs9RP4KR16g
.buhgalter911.com/ Name: _ym_visorc
Value: w
.e-planning.net/ Name: E
Value: AEfB-gFTP5lBgFcT
.rubiconproject.com/ Name: rsid
Value: 1|A9O3MVYHr+reXCO8y8k1PBHnu5gfKOuFzBo8IsG0VVApwdrFUnfgL8WeZ7yD5+XNRxy85WzGAAuzFkbJMy/+K1uqnlwIuW1UyhM5ZM7bR0169gWtD79aPsX5VKXfWVv/XubL+hEPPQ==
.betweendigital.com/ Name: dc
Value: mow1
.betweendigital.com/ Name: tuuid
Value: d8cb61f2-0ff0-514b-9adc-74b8fb7da9e5
.betweendigital.com/ Name: ut
Value: YaHdXQAFVzByJR5HgVLSuMc_XszxS1EAT8Mq9Q==
.betweendigital.com/ Name: ss
Value: 1
.betweendigital.com/ Name: unm
Value: 1
.rubiconproject.com/ Name: khaos
Value: KWHHO1UB-X-G6J7
.mc.webvisor.org/ Name: sync_cookie_csrf
Value: 708585719fake
.adnxs.com/ Name: uuid2
Value: 6458645844671079244
.mc.yandex.ru/ Name: sync_cookie_csrf
Value: 3722619115fake
.webvisor.org/ Name: yandexuid
Value: 395713051637997917
.webvisor.org/ Name: yuidss
Value: 395713051637997917
.mc.webvisor.org/ Name: sync_cookie_ok
Value: synced
runwaff.com/ Name: SSID
Value: 715b4315540fb0e19c61ae3a08d717cd707c499e
.zeotap.com/ Name: zc
Value: 9352192c-dbb0-41e0-68d0-3a2acb082349
.zeotap.com/ Name: zsc
Value: %85%E4P%5C+%E7a%B0%C9V%8D%FC%E1%82%B9A%032Dl%05%7B%BA%25dZTm%28%E0%60n%1C%D97%E9f%BD%CAVVH%C6%28j5%24%7D_%D8%5C%B6%7F%99%0B%8Cj%BA%8F%09%03%FAK%7DZUv%F8h%23%8B%FCVp%E9c%60%BD%B2%FB%DD%27%82
.criteo.com/ Name: uid
Value: d277fe2d-7c4a-4017-aa8c-a5fa04d0fe1d
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.id5-sync.com/ Name: id5
Value: b830aa23-d131-46c9-b360-4cde16143327#1637997910905#1
.id5-sync.com/ Name: callback
Value:
.adform.net/ Name: C
Value: 1
.adsrvr.org/ Name: TDID
Value: 0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1
.otm-r.com/ Name: mpid
Value: NjFhMWRkNjAxM2IyNDlhNA==
.adform.net/ Name: uid
Value: 224729157169359204
.360yield.com/ Name: tuuid
Value: 8184547a-49df-433d-a6e9-eaac207ea4b7
.360yield.com/ Name: tuuid_lu
Value: 1637997920
.cpx.to/ Name: cpSess
Value: 7238739462d2b08c
.pubmatic.com/ Name: KADUSERCOOKIE
Value: E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: DPSync3
Value: 1639180800%3A201_197_219%7C1638057600%3A174
.pubmatic.com/ Name: SyncRTB3
Value: 1638835200%3A63%7C1640563200%3A203%7C1638576000%3A15_223_2%7C1639267200%3A35%7C1639180800%3A88_204_13_165_222_22_220_21_3_238_176_8_71_166_189_7_56_55_99_161_81_230_54_234
.quantserve.com/ Name: mc
Value: 61a1dd60-96272-93965-aad84
.lijit.com/ Name: ctag
Value: 561:1640589920|515:1640589920|563:1640589920|565:1638084320|185:1638084320|203:1639207520|205:1638084320|589:1640589920|462:1638084320
.pubmatic.com/ Name: PUBMDCID
Value: 3
.pubmatic.com/ Name: pp
Value: 156383
.pubmatic.com/ Name: PMDTSHR
Value: cat:
.quantserve.com/ Name: d
Value: EI0BCwHpJPijAA
.adfarm1.adition.com/ Name: UserID1
Value: 7035147497331357850
.smartadserver.com/ Name: pbw
Value: %24b%3d16960%3b%24o%3d11100
.smartadserver.com/ Name: vs
Value: 329682=4683325
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: sasd
Value: %24qc%3D1311730832%3B%24ql%3DHigh%3B%24qpc%3D4701%3B%24qt%3D212_348_38743t%3B%24dma%3D0
.smartadserver.com/ Name: sasd2
Value: q=%24qc%3D1311730832%3B%24ql%3DHigh%3B%24qpc%3D4701%3B%24qt%3D212_348_38743t%3B%24dma%3D0&c=1&l=-268273464&lo=-1579632967&lt=637735983208634576&o=1
.erne.co/ Name: u
Value: i7BbsPkJiLKUzbjpbOBrX4s9
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwiCjL-io-CYOhAFGAEgASgCMgsIgoTCz7ngmDoQBTgBWghwdWJtYXRpY2AC
.simpli.fi/ Name: suid
Value: 4B7E93DD677B47ACAB218B72935F22E9
.de17a.com/ Name: guid2
Value: 1.8855741626325625944
.pubmatic.com/ Name: KRTBCOOKIE_409
Value: 22966-i7BbsPkJiLKUzbjpbOBrX4s9
buhgalter911.com/ Name: __smToken
Value: 7v0Rg7TcffEd2zsaJZSojUkY
.mathtag.com/ Name: uuid
Value: 9f1a61a1-dd60-4800-a0e8-eba924af4396
.pubmatic.com/ Name: KRTBCOOKIE_1101
Value: 23040-7035147497331357850
.bidswitch.net/ Name: tuuid
Value: f4c21355-b1f4-46d1-a732-a503bb51c5a8
.bidswitch.net/ Name: c
Value: 1637997920
.cpx.to/ Name: dsp_app_nexus
Value: 6458645844671079244#1637997920928
.turn.com/ Name: uid
Value: 3013638483369036960
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-dkyIhyQZ34ZtRN-Ed0_Ej3NE34NtHIjSeEkETKGC&KRTB&19420-dkyIhyQZ34ZtRN-Ed0_Ej3NE34NtHIjSeEkETKGC&KRTB&22979-dkyIhyQZ34ZtRN-Ed0_Ej3NE34NtHIjSeEkETKGC
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEC19fhKPU3B9XrGd08BqdoA&KRTB&16514-CAESEC19fhKPU3B9XrGd08BqdoA&KRTB&23025-CAESEC19fhKPU3B9XrGd08BqdoA
.pubmatic.com/ Name: KRTBCOOKIE_336
Value: 5844-8855741626325625944
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YaHdYAAHnHYSWQAz
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1&KRTB&22918-0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1&KRTB&23031-0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-224729157169359204&KRTB&23263-224729157169359204
.smartadserver.com/ Name: pid
Value: 7988303738165837084
.smartadserver.com/ Name: pdomid
Value: 11
.cpx.to/ Name: dsp_TTD
Value: 0d93a9e2-d9bd-49e9-bdd9-59839fc5eba1#1637997920968
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-6458645844671079244
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-YaHdYAAHnHYSWQAz&KRTB&22978-YaHdYAAHnHYSWQAz&KRTB&23194-YaHdYAAHnHYSWQAz&KRTB&23209-YaHdYAAHnHYSWQAz
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:19ba61a1-dd60-4000-a897-fd4ee56d5aba&KRTB&16736-uid:19ba61a1-dd60-4000-a897-fd4ee56d5aba&KRTB&23019-uid:19ba61a1-dd60-4000-a897-fd4ee56d5aba&KRTB&23114-uid:19ba61a1-dd60-4000-a897-fd4ee56d5aba
.analytics.yahoo.com/ Name: IDSYNC
Value: 18z8~21rj
.yahoo.com/ Name: A3
Value: d=AQABBGDdoWECEIzuMS6Fg1XujTN8DE7MKEgFEgEBAQEuo2GrYQAAAAAA_eMAAA&S=AQAAArvRo23PSAXlhfKXdv6Lsvo
.cpx.to/ Name: dsp_pubmatic
Value: E908C12E-9DFD-458F-AA9B-5C94EDDA9DF6#1637997921005
.cpx.to/ Name: dsp_dbm
Value: CAESELne4LTOyZYzD_y11z9rquE#1637997921005
.bidr.io/ Name: bito
Value: AACa6U7DQ7sAACouaNSORg
.bidr.io/ Name: bitoIsSecure
Value: ok
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-3013638483369036960
.bidswitch.net/ Name: tuuid_lu
Value: 1637997921
.adsby.bidtheatre.com/ Name: __kuid
Value: 66003f51-23b5-4dec-b7dd-744de62c316d.407211921
.casalemedia.com/ Name: CMID
Value: YaHdYTD9tT3o9naxhQZTEgAA
.casalemedia.com/ Name: CMPS
Value: 3245
ads.playground.xyz/ Name: connect.sid
Value: s%3AB0ZrZSRBmSx9vfGNQp5K5zHYIj2fZGkr.UUYPJ%2BUS0RZOuKCKZEDVe005V%2FIpnrb%2FFlKX6Sc5%2BHc
.pubmatic.com/ Name: SPugT
Value: 1637997921
.tribalfusion.com/ Name: ANON_ID
Value: ahnoeUm5abnAyuoEVMjZbQLXWyZbUtX3VWAYwWMFLT
.pubmatic.com/ Name: KRTBCOOKIE_188
Value: 3189-no-consent
.pubmatic.com/ Name: PugT
Value: 1637997919
.casalemedia.com/ Name: CMPRO
Value: 1211
.casalemedia.com/ Name: CMST
Value: YaHdYWGh3WEA
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2E?eG^u_f!@wnfH8K6pQK`!5=E<*L5?%K/e-GtvXOPll834lvcv<GRdv5LM@X+nAu3O[eP(hw9P-HC_#ttqZ)mNF-
.onaudience.com/ Name: cookie
Value: 70cc4fbb6a56e850
.onaudience.com/ Name: done_redirects161
Value: 1
.mathtag.com/ Name: mt_mop
Value: 9:1637997920
.ads.pubmatic.com/ Name: KCCH
Value: YES
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qrUhY1+LK/Akvd+SIDR0vFxngpUHTBxg7iZwfgimBu7tVMcpr9lIpE6e8x9FX/SGzKqVtMl8+GIGCYbB5SW5XQ3DwdQPoJZYLSma+WVcS1g3g==
.cpx.to/ Name: dsp_rubicon
Value: KWHHO1UB-X-G6J7#1637997921220
.casalemedia.com/ Name: CMRUM3
Value: 2d61a1dd612760CAESEJ0aKBx3RLaT-PsDDjrbUxI
.w55c.net/ Name: wfivefivec
Value: CJmHPDFI1MQS5j5
.adnxs.com/ Name: icu
Value: ChgI2KZEEAoYBSAFKAUw4bqHjQY4BUAFSAUKGAjhrFoQChgBIAEoATDduoeNBjgBQAFIAQoYCIS-YRAKGAEgASgBMOC6h40GOAFAAUgBChgIrKJiEAoYASABKAEw4LqHjQY4AUABSAEQ4bqHjQYYBw..

7 Console Messages

Source Level URL
Text
other warning URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://cdn.ampproject.org/rtv/012111011823000/v0/amp-ad-exit-0.1.mjs(Line 2)
Message:
Unrecognized feature: 'attribution-reporting'.
javascript warning URL: https://ads.rubiconproject.com/ad/17210.js
Message:
Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network error URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://id.rlcdn.com/709414.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=54
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8c84d2f690d45933efdd30d66e71fa97.safeframe.googlesyndication.com
a3165.casalemedia.com
aax-eu.amazon-adsystem.com
accounts.google.com
acdn.adnxs.com
ad.turn.com
ad4m.at
ads.betweendigital.com
ads.projectagoraservices.com
ads.pubmatic.com
ads.rubiconproject.com
ads.themoneytizer.com
ads.travelaudience.com
adservice.google.com
adservice.google.nl
adtelligent-d.openx.net
adtrack.adleadevent.com
adx.adform.net
ajax.googleapis.com
aktrack.pubmatic.com
an.yandex.ru
analytics.factor.ua
analytics.google.com
ap.lijit.com
api.rlcdn.com
apis.google.com
as-sec.casalemedia.com
beacon-ams3.rubiconproject.com
beacon.krxd.net
bh.contextweb.com
bid.g.doubleclick.net
bidder.criteo.com
buhgalter911.com
c.tmyzer.com
c1.adform.net
cache.betweendigital.com
casale-match.dotomi.com
cdn-adtrue.com
cdn.adnxs.com
cdn.adtrue.com
cdn.ampproject.org
cdn.gravitec.net
cdn.jsdelivr.net
cdn.projectagora-adtag-library.com
ced-ns.sascdn.com
ced.sascdn.com
cm.adgrx.com
cm.g.doubleclick.net
code.createjs.com
connect.facebook.net
core.iprom.net
csm.nl.eu.criteo.net
csync.loopme.me
d2849lw36e7cot.cloudfront.net
d2zur9cc2gf1tx.cloudfront.net
d5p.de17a.com
dash.getsitecontrol.com
dis.criteo.com
dm.hybrid.ai
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
dt.adsafeprotected.com
eus.rubiconproject.com
exchange.adtrue.com
f494833544cd870f2e41561157176e8b.safeframe.googlesyndication.com
f6fe6038d3eda9a0336c2816093b1f02.safeframe.googlesyndication.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fra1-ib.adnxs.com
fw.adsafeprotected.com
g.themoneytizer.net
ghb.adtelligent.com
ghb1.adtelligent.com
ghb2.adtelligent.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
gslbeacon.lijit.com
gum.criteo.com
hb.adpone.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.clean.gg
i.w55c.net
ib.adnxs.com
ice.360yield.com
id.gravitec.net
id.rlcdn.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
js-sec.indexww.com
l.getsitecontrol.com
load.sumo.com
loadercdn.net
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
matching.kubient.net
mc.webvisor.org
mc.yandex.ru
media.getsitecontrol.com
moneytizer-d.openx.net
mp.4dex.io
mug.criteo.com
mwzeom.zeotap.com
odr.mookie1.com
onetag-sys.com
p.cpx.to
p.rfihub.com
pagead2.googlesyndication.com
pbjs.e-planning.net
pixel-a.sitescout.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
player.adtelligent.com
pm.w55c.net
pool.admedo.com
pool.grid-data.bidswitch.net
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prg.smartadserver.com
projectagora-483829-hdb.adomik.com
projectagoralibs.com
pubmatic-match.dotomi.com
px.adhigh.net
pxdrop.lijit.com
rbp.mxptint.net
rtb.adentifi.com
rtb.adxpremium.services
rtb.gumgum.com
rubicon-match.dotomi.com
rules.quantcount.com
runwaff.com
s.ad.smaato.net
s.amazon-adsystem.com
s.cpx.to
s.tribalfusion.com
s.zmctrack.net
s0.2mdn.net
s1.adform.net
s2.getsitecontrol.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
smarttag.rubiconproject.com
spl.zeotap.com
ssc-cms.33across.com
sshowads.pubmatic.com
ssl.gstatic.com
ssp.otm-r.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.criteo.net
stats.g.doubleclick.net
sumo.com
sync-tm.everesttech.net
sync.1rx.io
sync.adtelligent.com
sync.bumlam.com
sync.intentiq.com
sync.ipredictive.com
sync.mathtag.com
sync.smartadserver.com
sync3.adsniper.ru
sync3.sniperlog.ru
t.adx.opera.com
tag.leadplace.fr
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
trc.taboola.com
u-ams02.e-planning.net
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
vap5ams1.lijit.com
ww1097.smartadserver.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.nl
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.tns-counter.ru
www.youtube.com
www5.smartadserver.com
x.bidswitch.net
x01.aidata.io
csm.nl.eu.criteo.net
pixel.onaudience.com
pixel.rubiconproject.com
pool.admedo.com
s.tribalfusion.com
simage2.pubmatic.com
sync.1rx.io
sync.adtelligent.com
token.rubiconproject.com
trc.taboola.com
104.109.78.125
104.111.233.227
104.244.36.20
135.125.163.79
138.201.65.66
142.250.185.66
142.250.186.162
142.250.186.98
143.204.101.224
143.204.98.128
143.204.98.95
145.239.193.145
145.239.193.51
15.197.193.217
151.101.1.108
151.101.193.108
151.101.194.49
151.139.241.23
151.236.118.210
159.122.14.34
172.217.18.98
178.250.0.163
178.250.0.165
178.250.2.146
178.62.202.251
18.185.182.242
18.185.8.23
184.31.84.150
185.170.61.66
185.184.8.65
185.187.81.41
185.29.132.241
185.59.220.198
185.64.189.110
185.64.189.112
185.64.190.75
185.64.190.78
185.64.190.80
185.64.190.81
185.86.137.113
185.86.139.96
193.0.160.128
193.232.150.45
195.5.165.20
198.148.27.140
198.47.127.18
199.187.193.140
199.187.193.166
2.16.186.26
2.18.233.180
2.18.234.21
2.19.35.65
2001:678:cb4:bbbb::11
2001:6d0:4001::226
204.2.255.234
213.155.156.183
213.174.135.1
213.174.135.2
216.52.2.48
23.111.200.117
23.88.75.189
2600:9000:2156:5a00:19:ba84:7f40:21
2600:9000:2156:5e00:8:48e:53c0:93a1
2600:9000:2156:8000:1b:5138:8a40:93a1
2600:9000:2156:8e00:6:44e3:f8c0:93a1
2602:803:c003:200::21
2602:803:c003:200::31
2602:803:c003:200::77
2606:4700:10::6816:1857
2606:4700:10::ac43:607
2606:4700:20::681a:b19
2606:4700:20::ac43:4bf1
2606:4700:3037::ac43:d405
2606:4700:3038::6815:ead7
2606:4700:3039::6815:c06c
2606:4700::6810:5614
2606:4700::6812:272
2620:116:800d:21:3175:5196:e3fd:8c1d
2a00:1450:4001:808::200e
2a00:1450:4001:80f::2008
2a00:1450:4001:810::200a
2a00:1450:4001:810::200e
2a00:1450:4001:811::2002
2a00:1450:4001:812::2001
2a00:1450:4001:812::2006
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::200a
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200d
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:830::200e
2a00:1450:4001:831::2001
2a00:1450:4001:831::2003
2a00:1450:4001:831::2004
2a00:1450:4001:831::200e
2a00:1450:400c:c06::9a
2a02:2638:1::13
2a02:2638::3
2a02:26f0:1700:f::1737:a1b0
2a02:26f0:6c00::210:ba1a
2a02:26f0:6c00::210:ba2a
2a02:6b8::1:119
2a02:6b8::90
2a02:6ea0:c700::4
2a02:fa8:8806:16::1370
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:d018:d29:3602:1ae5:2286:b535:86e4
2a0c:5c81:5142::2
3.126.16.11
3.126.38.41
3.126.56.137
3.223.51.50
31.172.81.158
31.172.81.172
34.120.133.55
34.139.145.185
34.210.167.181
34.211.223.103
34.243.225.216
34.254.122.11
34.95.69.49
34.96.105.8
34.98.64.218
34.98.67.61
35.190.0.66
35.244.174.68
37.157.2.247
37.157.4.23
37.157.5.142
37.18.16.21
37.252.172.250
37.252.172.36
37.252.172.45
37.97.204.145
5.178.65.245
5.178.65.246
51.195.5.40
51.89.9.254
52.18.128.217
52.215.67.233
52.30.98.117
52.34.133.113
52.46.130.91
52.86.134.216
52.86.185.173
54.228.184.1
54.239.38.253
54.38.64.100
63.33.224.140
66.155.71.150
67.202.105.23
69.173.144.165
69.173.151.100
72.251.241.204
72.251.249.13
74.125.133.157
80.239.201.24
82.145.213.8
85.114.159.93
87.98.128.108
89.108.119.28
89.187.169.47
95.170.82.90
99.80.191.196
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
00b7af3f1cc48cec37218b2a69f5d1a0507eecc4ebe7a272aa38f8a8c47570ca
011eebef0d7034728d108441cd123924e554680601c9efd3e0e82e7cf0630c2b
03736b108efeca49e24b0f35ff8b9ac3fb4468b6c64de144b1b441cba12f46e2
04082cfaa14c7a04a29bf53810bda0de1aa03910090a4aeffb198f4e8bbf70d2
04f5d63c75f9fabede423b3d013e6efd9a448190898a34499a4010a59014a8d2
058f76d93a417240888fe7522aca5a1322f3ff8f86ddc950a3c347f0a1ac57da
07c843192e71017acab9f1a33bf25fc04f4b7e924f76b42d11362ce1dd148346
08d781d864042c446c11c1d0d3714595870c891f11c28b87b99164d7e3d0a21f
09890daca99ac7e2841f75cb53c5910df0370160b67ebefc699495df6774b0e9
09fd24da84042364b383ca3b85080710d57aa04250a573c3b1d740fba47d4f5a
0a91fbed903c7ee569d116adee58d579d0c64775a469ee86d3cc4281f913bda1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bc2f6c55d7b4c44594f292ef4424cbcf33f58df0fe0b265b0e925d2432b93c0
0c69092108eb6839e8c16492ef8830a16f8cbb9aee9331ce04717bf4cbe3df73
0ddf7f63c2c4de8623b8f34646ea08078cd54452d0a85ed216976438978cfa24
0e69850ff317850db7840bb0ffb48d51d89c576b15bfae4448dfa21c891b2b8f
0e77b06cae845567053bea2ea2b7634e71963370e008899760dddea795ee7e8c
0eab85a4383045144ef624b43823a228b64db824f1e49f8c8ee0dba65272e8d3
0ec1afe33642581fe576eca90626e9785ec77e73f7b2408f3b9c64f5c8d88f8c
0efe00c23297e5c56485eabb6ea548c2669b896704fcb2c426d898148543ccad
0f7637deb27c53d88e3d07ca2cdf19ffdc0631ab47f5077614dda1338d7c80b4
10d7b260f98e80b969a89029f6ee067b0741db83afb176edf0234ad606148886
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1206f9be78a66c0fc232a956ad5e637856124840b2f9c1ee77a611bd43d08d91
122fac0ffbb44fb8bba0388baa11afc67faec3b223a06871a40dbcab4c6cc787
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13b51f05a32209a9cb536ebe3795915619c002a76882ce2715f85b4d5f785ce0
13ddea47b8f9779ed3837a2f3f5e7a92a86f6435e4272403bbf760f869a7a849
1485460341dd7acce60bbff4b235101869025328e39f205fea7c0ea0f4b23ac6
148e8df0a73dcd1a435812e122b3d309ffad13f5af041cdc1d58a4c817afd559
1671f519e694d8f0e0e4630ac7e501bde60dde5c1083c664dd767d7b776b5ea9
170f1a940ccc1944ffe15eec9f65f60bc37d02ae6d42a856ce8272fdc58b22b8
1738ebb95c4b540be39b57f3f3fb08e8fcc65d368f5614564f1e643a384ef676
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
185c464ff5e10953eb8ea740e5631c1c3cabee38978a30bed3af995d734d9d53
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18b3f553ed4e99f00487ba3d580a56b277a3a9afac4fc2af47cd7d976054475a
19a7459e532174819bd05bb3908d2d31781f99b639183771debe416c77cf9795
1abc5469f1235e85489ca1062a07fe18c7f449e3ba039d3de0da07fbb3c5892d
1acbb87b247d2b4b2713957697463365e122b0b528034f8638f4acad382efec8
1d165fe5be8abd1e2e92a5f471ba17c9d6721a7ef6ed77b0388763308701926e
1e1a489be9344fb41ef3a7aa4287f6732ad45ca110a5bc6710a9024ea02c37f9
1e1effe54127d395d46cfa64a72576abe773b4ef1678a7cc2e62319d313230e7
1e6b3f15f7a38a532c46f7bc29b8762c0ccab14c6e3644e2e3032a8cefd631e8
1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222
1e96e64228c84e0507b7ed9cffc20fd62f6faefd0a1fbf517cd225b88aef9f75
1f0830adc526d413b6f8c3cff6c2fc0ed15c28f48fbd5913023bda5b4bc165df
1f2e1cd74b4b1ce306091b5a8fd65c2d2675a66b79e765cebb323d1c3cf577ab
203a4bdab26266b358deb62aa3878818363aa615edc7e1b361110d1cc2165a51
216bea75f6510445e4d66f1f773f38bd3985c4423a41b1452fd4c82b3d602443
232334d177f358c07f8271994e6fc0c018abfce7c8910deb604de1440d741c45
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
23b89bb3578573b474d7a69e2df32e8f0ee7839a44392edb040e4117a07ce6fa
242cbc6dab2cdb1f7ad511d17917302d9d0e4a84b6f21b6744571855a90c85d8
2452165beec9e82dfda7a113e9e01a4d389c88c9c64da76663b39cf744b8e80d
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
278393caf9e3b1246267fb79e95027449f041bbf8e8774a4cf46d72cc09b7405
29af0c8109de86bcf0f69ab6f293c71bff84e52c48bdc4193e2e9583f291f726
29b9db587496c6bd99e671af1dcb395dfa20c5bbf5ae26f0e2c0c85ed9614167
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2dbf4667b656a2c447dce776af92f817c4e8e42a9ff19bd09e642babbd70db5f
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e8548e063ae8b8f6225ac344af4bb535397ebd3003665e27e8d4b2716770db9
2eff8b6d9be1eee63c8359b5d773e949f3220f184685cb46d6595dd5c7caef95
2f407afb6e31e94afa02ee6432e02129cf43f15c7955e9f53c645c5d844d5019
30f094b609ebf2611fc4c77649b862e9a2b8bed3fe142c0e9989ae20638abe79
31019413fee993018ee66cb39c98ebf7b37365b9e7b439fdfccc33eaa81429b5
32b5c88160bab78ae20a39de4a8abe015f4f4c5d48be8300a6686d32a570ccfb
33449f86b74afab1c711c8643debd12f183f23e2485856a69e77e56ffe1bbcfc
3377a6953c4c488da8e547e9aad19dcb2d6164ee85cdde1ab0885c30d1b3753d
34229c23c4538e749b2d0f2503b93ac02a4877acc82c3a8cf10b8646280b81d3
3439354c938f62214ecc9a39e0152c039dd5f4c6b875c2a0b19e17639fdb4164
34896f4a9ee1a27896ba8833180dce8bcccaeaa25566b7819b0126ec4822973d
35196923692f06f97491caf22422cce4b612d5ef07c51842ca94a088b15456e2
3537ac4e95ffb9e58a23d37e408b3d5bfe1d9183351b39a56481b8573fea7e0b
3593cd459624b4045c356b5b3836b15b58023417c248b147e361592af554b204
36aecd4542cf4c62f3d0b0517e0e560aabd649e4efcfce254a95c5adeb388a5c
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
372a3186cdfa2b7a80c939a0496851ab0519c9b8cb656609fb902168ee053a8b
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3877a009c29d6544113f27118f4d44385da6d6703ff8d53ed031e6da71825888
38a99c15dc41db0495bb2eeecf10d3be2526ab49557c9b27ef8273ab7f6a5d12
38dd5741c6a9fe3cb4e1fd84bf2e9b98c79a8ace752ad5dfcb56eaa30aff92ea
39aec506cae81ef988c4490c41ade606205484a739a3e6f68e9b47f4e19f7577
39afd42fa1dfeee3294802d18639616dd2391c3b72f846e6fe560066e188c92c
3b08925331198abf43250c5552c0daa9ca23853539b338341087eea3671189cc
3c43dd8b5f8d1028a9069b96de49eb9031bf0a5660164038537d8c5caa1b8029
3d1ed1affc8bef9859778b9821375af240dff09e4aa8411456d3168206ed6fe7
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d76ab4ac854cafef51bbbb5177ea75816df90e3c775294991a016404f2b6bb5
3dd9aa57367b6cc740caae552d411726e023cef38b4aab1ab365a7ce34b58d76
3dfc01bbf95b7f9c6c99fd49ecdef5320009ee7382f859601b84898aacc7ef94
3e5c7c0bdec79bc724927b3dec768e0f918b437070e4e268c92167b5b17ca49e
3e85521778b582dec0c9da83061a923f870be46e626fcd2c593ce4f404a948b6
3ea2994bcce3f61449fbcec48185b3e21da29097a5693d9135748cb9d015f39e
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3eee78aaf4f9dc8d0d36d3dddbaad9094ace5d91611f9aee6fe0b44b0ed46ccc
3f351eef4b0a3ccd70ff9d4239851252a0a6eba79471e530f9deec0b3421d132
3f7e07baa2dd1e0354c488017769a65e3baf00a29a1ecc6d00861f279e1b0ca2
3fd5af5f3872e2e887b50e4422e2f3684ef235ccb9a9179f1cee410e79d42365
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4006e0481f9cfffd3a579c3dcbdad1b6953e844c1e3c76a8d9f86844c98d87a3
4086ab4839789b04bd5403ce77f1360b73d3bf77a92a81866d589088b5b7d2d0
40a367be45e611243ba2576dda4754871ab0ee45d0ceee597cf217bafac207b6
4145bcc602f84a695520798fe63830e806c8289da65274e6fb11e138c5c1cc17
422c56a8b0a35ec9c85122a8b8f28cfe28a580e1d9ecb5a08021bd357c8eb6e9
423b902b33f957b431826ef6688c54edbb9df750d79cc5ec707e051ac33bb12c
428f1eb7935944229430ac0fdce0033f05d9b8c1c020b87c681dd7a78ab4dd19
447696257c6c19ad8c6fa57c43cc99c8169f437220b985cac212a823980f4f2f
4486265c9c6592ad2e499bcefcd3f91346ddba53966529a36c591209d1e60f7b
44ed1873e1c56b330d1e7314fa768a5835ed04f254c4ed89965dcd13e4b3e237
45af098dbc6221aca6df4def709e3a268fe006ed9bb44263bf3fdb1c33e5b9f7
45cf150078bf4b82c64560f6113507d21c77b3f848514adb57e718c5c6b23296
46d5273d735391f5c05f0fb82df9a363a290419c3aeea2d64dfc0d46de9a9681
4734ad6d0381c5320a9bd48cc2669cd768babe44676e6a18caea1151b6edc52e
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49d03c0512222522354f413d33c6cb1cace07dde5011a02a1a8e24e837c46d72
4a0a55ede49967613efde001805c862157a4f477f3546dd3c197a8a1d6398d82
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b6753aef2f81a4813434523b259d9d19f368ae41cd40162bf0897bc4e334cb9
4c2a0a41bdbc55f5d0f74f367110639cb7fe35122a7a140846d1395d21609a6d
4cac7ae10b642d991145505ed5ae9c55aa4f139e27900c8fe24acc2285612858
4d8a85e52c83c5c0e190516967d1ab0cf08bcb6d895c3941de9b1124d99de932
4e005e5b5bd0708c6d7cc6e8e34e7469749382adf152428af9fbc749aa93c5c5
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f8427d2d71d665ad56de26ad656eef0ac0a98acc788dae358ae3bab78d237e3
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
50562f8389ae7f074335382394cedb267744b2b31fbc87f656af49db4b3642d3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50f3d88597851c499663c1552673d400bf24afc4aaf46586e932926e0d10094e
522589bfd743beeec03b9a97b547e046559a13d66cf29674e661a8aadecf9d27
522ebf8104af5cee0d26cc27240d720e73a0be569adc89d0ccc81f9d8913e445
535f84cffe4a18de721d24bd0f6a46f059068d48daf2327d143e0397431cbb14
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
53d3b513684b230591b0203df937048eb52f4e03e470ecf1ac2bf2477476da70
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55d55ff23c1391dfc50ac6ef4794574013f8ac77e1196a6baa79b331029d28bd
5654d7b838075832d71b8b0a805ac7f47c157a4504bf73443cc92aa383480b30
566f1f7d64379342927e78274c526e634c394fda54cf4145d698b815952d01f8
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
57c6dd434ef6d209622afd433f1e8de565d006d41f8679abef98365ce119d727
58a333a059b984e23c25d19292b7e65b407170c21c1ce73ad6dd63bde9d44098
5a7ede4af727fdf16b794519d0061d4e270ec8f7f1e8da98088d3575c28f3048
5ac6d10c50a718205d0a6a9c86e7b0e6fe26a4f4f41ed83cc4f8c47ccfb531a6
5b33484ed14360b7eea820b16a1741879295c7a7d6d54b6189d580d002e31099
5beecaeceee4fae5080c40d2ad96dd7c0b7e5a9bc242fbe2b99ab1276aaaae94
5c92084dec60847faa5d1719a8b8c238bf82f3f1ca97a8474acd3c67e3aed419
5cf065410c17c499f6f90047d16c8aa30abedee3046803fb336fdcce0118d2f8
5dc2a59a4813375499320d39967d6984413e989e6847dd93c7ee0dc4e9d3fb86
5dc9d61931a73fa03b59af510868b7e89e4523df5a53935212ca8a9b31af0b8d
5deb856949b841df89e6db17755544b5b2676d44eec02a69f2a0390cde91412c
5e3c8d2c5989b14b5340f7190b29e71db90fa4a6e771df12b7bd3d03108517bc
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5ff572b0d1ea0fa4cc55e9299e513463b3e4335320fd698cc6cbc0b07264fc39
612a8541b1c6e99ca467ee2ef290d23df8c8511b0a9e1ed3f9c1b91cf2df6235
62ced833a0d5fe586b01ae6f47ca164b23950e87fed50fac73c07aa4586d929b
63bf8d7e8ae2b2a8c524e239d20e7e648770b94a0eea9a8a7997052bbb277508
63c1a989826d295b0f82eb942dbea2e7a6440ea643782689d3d53ca05abfdfc8
642d525b2b065ebca4319c7cdc79ca9d896783c399bea4b60b2485290edc9851
65f6185cfe1cf88fa7981160dd6fa443e111887215b72953718ea70f8e2ba9f2
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
68e770568cc4c56ab4d321899ce5af7735e9e6f986ac70c635235260b0fcc74b
691ec3b2f88d43a6192f5bacfcdb304666be09343eac58c59b1e3f8ae650ae13
6aad48dde0907d035bdb01024f52600bec81a2c05bcc6b81469751d567faed27
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
6b8f96eca9e123ea70ad8669abc3d252fb20a5a46797e5d92704d9c48ee845c4
6c7884164b248cb8d87de9edf64dc810e5753bb8ec0cd015800d7f39e08371c1
6cc0eb2c4daa4f0ca21c02b0a6529de5279daaa7c6b49706e7bd560a295ed645
706431832da1dc887051740282b400cc52c6cbf1b0d2a4ea47b9f3eaee2bb4fb
710eaefbf0a4bcaa67733ed357220a8e9018476262b2f3ca8ae90821a79da99d
7137769a0bb2191abe2ea4cf2f40478848fd25bcf799a13f652e911aeca8623f
71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba
71b3e9761dec1834f8152f030e564ed3ccee88e6f133764557faadbebf869c2d
7209c26bc245ae1b293f4b9622201b1dc97282229a2e8fcae555f36caa8650e8
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759
73eb2099bf64ea4cca61265b7264166e2df4d2888def9a5ddc3e223aedcd8213
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86
765de0e56affe3c5adbc9a6956016354fc2d6551bf64462b6854c49ef05f0dbb
77437c66b6e6ce55f981e27fc46ce8597a9a7bc334a27bd4d7d37ee9b9d8383f
78ffa17efb82cd3e2c564738e22039c22f2aaac05f2531dbb9464212e8e53e35
7c5b7c964df44d8e704b8071fe3ca82cb91efcd82c69bca428e5f694cb8314fb
7db7809740f0ce74ab4d9aef6bd1d2de77f0fc9777b7f8537cf9127e4fe4f3e7
7e176e51c1dff07522d527754e78745b4fe73db4b875ab85be5ec57e2e35346c
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7ecfde1cc5c8c002812f5cd0febbd26a037618d51d9db24b6fd0870e21fc0a0a
801e3bfaa35cc81cbb10567b2520e7889cfa05add40afb5815d821462423006d
80a74bbdb088413032bd41a6094146d50aa3fe3523ddda65c019a4e56020307f
80fccb00db57a177d26368cda09f8a540cf1aa641b8b6837047e86d3bd8d6333
813174c4a405bf6b4a59be30ff0be2a4af80478ba13eee3a541ebe77baf1f1f6
81d43b626c290cc388ec18a5dae4e1c8f60bcb8f6b6ca918adea1ac473527cf3
81db3dff02e26ef2b2ecaf02ff3b4254a7368d12c23033eaf359bc08f5a2ae36
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
836c18f92e8a0cee4ce80d8848bd280d449b861253ee09c0bda31d68c69111f7
83c2f6c6d4ad462560c5dd8a22c0e1f70cd83b6bde7f84b7e69837daae00aea4
84348e4690919a9ed56cd0aafd148f99db323fdcd23234d6c4d203fcd004a46f
8530b24bfffd2465363960c1d97678d88d38da0614b574bda4f9dc84f5a647ad
86bfaa94c6c352c3ac008e5225016de1216112134a61454f93559a98e6b01b3b
86df79a7e63417bc744f4d04562e942f26620589d098e90cd6a00ed4df31c3cc
8854752a74f17180183321d2dba6179fda1d37cd626d436d2236dfb797e57fb8
8887f8505f7f4d3e6d0d0aad1ded9585f1c752423a1c9074b7bc8baa67d44cab
88b8317bad05fa241b8001ba25175171729b7df8d67f4f1c796e36e52a4a624e
88c93c0c08742c1c370ffea548c761c0ea1fe1a4bb8ddabb3be155ee8fe7d1c4
8a0a7e4a96032fef0fb0f8df402c1f68d093b00cf72e1aeb282f1b57126a5f42
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8af035c47ad972ca1696b08046b50a97ab88a56cde180e95cd1688a0f5153eae
8b230f7611d58ad583cc50b2fffe6e9eafd2bad567f0b09a5fd2363c0645c1af
8c54d0ff8818989445f9a9e5684a8ad36a42a5a08672f60ea1c16c76e6b270ee
8c91869779c5114eba9df5eb2de39a2731845fde9bc663a78edaa9482f8b3a47
8d1dca9984dbb40c609ca9aaaa4484db777b69956e1259dbbe4d905238f4fcc5
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e5e9a0751b18384e0e3de2ebf4f57a8572d7d4fd25b43f74352a6e7d59c9127
8ec1d91715b229d6b5e17f556933cfe0c8b5b99383607bfce6d6ae0b29e27026
8ec42741164077a8e2063e83f25afdff15bad210fdd0511030fedde8f5fde7cc
8ecb66a310d4f8e9cbde7cbf0debdffd84fa1ad0bb3bf3586b16089f7558f1bf
8fceb9666c98db92674eadc3bf22b5811f633e794c6400d43d9e1075e9d7618d
90b2c189be5f0290cd8d7003c28c08de7df1eb1d6240b24f699fc75a4132b70e
91ef4292bda21e32ea50392e2659cd158681f9b19f3cc11177ea62482928c4ce
92596ba6a5faac2bbe8c8e84768d1b31625fe351d6798d6840839ec5d511a24b
92d716be22a49fa0e8ee0ea4688674b48414a2060b2fcdd77d3863a1a4bcb06c
9325cb86c14e757a3266ab710efa8294b3cd00403310dfe09e6f561f7c94b438
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
9467ad6fddf355d39bd47963290339b7fc9821739f025fc0c367def44746014e
954f44c30f6ce0aaa017208d7d5c0b45ff9a47e1c57cd971870fa44188980bfc
95e74883ec27e561682ec4737f6deb2f1a27f4134bd6c4d75c83cb69ae8ae486
967ff48c41053bf7c36f819b71ee6b509bd9971857397d74b41c75acc5bd27ae
96e5f285f659ab635e1534c6c2ffad42409cfc077b38dff06ea0550d97f01859
984601230d8cbfe18370425e8e897037cc1a7adf831a691a9ede573cf44479d4
98ba8f881333898d751dabe4f8b4cacc4489a9f5b6b4fd1fc67c571dbfec95cf
9a306222f2fdeac0c8a817680a331631db2d99984c06f8cf8b210e26e84f1572
9a630b852e94f20cb8140704fd830bf40bfea0a2effaa67d06a0eadafbf3d508
9a97c5e883ba517083bfc235752fdf5f6471c459d8c45d3615ed3b611317435c
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d1cb86ec27e86dfdefab39206fb510070d00b81d91f11ddc6720e3c62629d32
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9e97fc43ecd2f16948c3a8d2de65e0e5483db4ed5ab174058c178ca1c8665d0b
9f2fb1dd76a1458024902db79689a96b5c5bc34ad48b32bac00a2eaeca5d49cf
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a16f0e9c4d3da787c37dc87b4acf41bc3117ac731d671f441a4e5b47c715ae30
a18ac760badf65c852e1d545b4f43e921458da84d6bbe4e2075d6a44ae2991ae
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a438e75140c81f3c8747f98013700f7ad3bf8040301a35f1aeb6e1aa1e77d6ca
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a58b7ae9f8842735fad3c9bd9701ac0f552b1cec6cf5d0a1adba35e82c11eec2
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a5f57f7c1dc3bebdd998560bd3389818114fbd9a4801c7bd91449f8356f99aed
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a757a4c92c3e8074624e5ade43713117ecda729453a82c648b34724c540b7483
a8acbc0fa5ff9f288200b044f179264a7e096ebf666d6aea824ed4761c63868d
aabcfe5e5bac6d066f9361652e5541a5fd3cb8fc08948bb6b6f50110fcfb4160
ab4aff3d13c8faaaf046472d83c33f2f3b00f8eef7278068d8946a8ed4bd8aa5
abdaede377af65cf46344efff9106f62e6560a00d364f731f070fa7dcd3608f0
acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
adff04eafd163a8122ad044c4547af6b6ebcf06dc13983ed25738f1ea878692a
af64a6f3ffc388b91cd70eae25893f7bea7e8e7d84d2c2b41c378cfbe13651ff
b0351bb28a4d725699f66cdac44182c3712aed490ffbc15b68c8924eb7c56fb1
b10f455f1ed931df225b2009c060fe100856445e369e730cbb650f830abec7a2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b293da293e978e3003163a6591f1c97201ef6b6bb5906b9cf06f1230b6b526dd
b38e51a4ea07654367a3a16ac735491c5f12a995811ac9bd14beb0dcea831181
b400c23bd3335097eb317390ecf1419d08c46a28dff049598bf62b707be1c1c8
b47b4ca26c57e3dceebd7abd067df9622599bed6bfb11b480f92d09a945cd213
b4c4e2f3ca3eb4b6a814856d3ce31459a48549c76a61264ee3183fc2c4b0c565
b60eb2482580045901dc6e1a6b08389119a4db9c5e233b30c83e497c0ee7c809
b63b276b241dadf953d02273d5b5e5115f80e8bbb51b1d4b6857c03ed0e609e0
b6c8ebf693b3cd4bc48c9705c81655f42abdfd8523232ed12212c5f0fe1a2dc5
b7446ee9d7985c2dc01fceb62f0da7baddb3ee757bf00759905da6a5e8ad34a4
b75c28722e8d3372cbdcb0f23360ee8be45499434d9d06e9349d4172f36fb064
b9846aac246ff70011014258edcb84deadda4f310ade97b7e45534e28d3cf9bd
b98d68dfcac900dd387f517a3e8e5d84bc1c3b775222660221c780a73d729fb7
b9b2460bac03341b3c6a922fd753890cc7ec0da4297d3fa011354899e1f9bcba
bb0accbe8d19208581ad68ffd1a5d9dcd241a4fd1c2a76734726a5dc8c2fc2ce
bb349933a2fbb6492c1a11146d34ccee04b3be461b6623f5eadf431f1f5aded4
bba763856e9cd68a4d84522a4a6efbb6c779779c071954d406d21090d1b1e29b
bd6d5036487a2eb8133053332d1c9412d434d628deb0c204783ac0ba639917ea
be38e9556a88a555d91f5d2284c25686bacdcb285614cfb88db4861bb4c3c402
be91f18df6e006242cdabf8678e83f6df4b713a2ffabca522cd9e2619a255f2e
be9728ee7fbe591e0decbd574d066fb1dc4db1ab65a3cac03302cc00711dbe01
be9b99d1d6893e64a41cbbb8507e84c60c1511a8768c7353baf65386af03aa1e
bed90df04dc55371203229b11e3d9e5eb3f8c5753af82611cd2bfd06bef1495d
bf13ec800c27643c12ab5bee0864d4b6220f6e3830a98f5f17efa779624506f7
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bf2b013d555c6aae7cfc7f81b516e495b028c69ef323ea8a42152bf96e77f650
bfe648aacb5cdcf19d850f54c68d244c2fdd65e7ab0bd48f39048891e229807b
c0fb763f2f2e80a902d63860360c9ae467315055f06d4ac3a8cf0bd5982573ef
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c25a4ea2cd2003381fd6a9118f631d3be90f549b63598e8bbc523ef0747731f0
c2672e8516753c735f70b3dfbbef904df3d2f8fb48db4e6288ecb8aa18c8845f
c32e7afe7f32f85fb3feb8b454861308f376f173668f56cac69ba9d7c5b446fd
c42287535028a9cafdb2de2be1ae978094910b28257d145a6a104a9f4ed51879
c45cda3c584727700f9863171b42e0eebec131b3ed2e25111d191d693c5f49d9
c5265b2a343e05fcaf0cd05b0dd03975c4d83e4168eafea7236a99ee46caf79e
c55eebd9845964c111ecdbe7e583ed00ff47536f13c46a7e9c70430cc7ea091f
c5a7e1a01e97fddf0d6fea76f7a895d53516d76728a4615816a71afa8141d8df
c60b93effcbac344d2c30270e0d97323af0f64f43f3ac4d8abd486a875477169
c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec
c846a0262d82ade117a598538a1e27fa05b9fff6bd028516417f32f6d1613230
c8de81a1acb5f3788959ecc04eaa6526d5bdb29991157cecbef71042268c0374
cb39e207acc3d3c7c7adef0a3686753bf4cc85cbdc0dfc16f8b875c203c8ed22
cb9c475776bd99d9a9e34749832e2d3b054624c27d93cc37c7a3549e0e6a7640
cd6d5a8d72594d19131d97fe5c8f12103580eed48b5407a8417bb90fd973d1d0
cdaeebd83568dd612aa9d068eaa986e1feb65b0e36cfaa461f727a8597a12d01
cdb5ca36664e6906c51c4336873d7b45f29cb48c3b3188c853980813da650712
cdeb743f50d1b0bacc7ca982e03067b6ca427c32e77f1a3a599b30202f14e065
ce20ed8a323117c8a718ff1ddc6dabb997373b575a8e896f2bf02b846c082c9d
cea20bf889f139baf9c5fe8cc267ed2a210950113b7f5a422949fa4b0f662daf
ceca6a8acc9e1eb6c9720b0ec03fe602bedfeeb7fed332cdd4c3c2252b4274a3
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d28cd8034256b93e060711ff9357b555b0d55af2c9aa4640311c1d41dcab3e13
d323b892c3e3928a3f67494a55bfa22a79cc03493d440d20af2ab4293c8f8fae
d47d292f013ca50f500912e6ff178426b03e9cb0bf44ff84fff5d7c2969fbf4d
d525df3328bd087b7ffe17507933ceddd5664b2e33909c9c363261c9c2bdb01a
d5763fb19662b9f8a45817ae003b59dcdd95e2013432d47f781e4bd03992fa5d
d725b82a17705a9c98f167385a2a20ed1fb456cdfbf7b23d778ffafe7c42f3c9
d7b729ec3ea0bc142ebe3c5cd09872cb689eb161e64d8adcdf6cf2f03e970c4d
d7ea79f7dd4beb251b942a9ba212b900dd297664f686251e9fc764642dc28b3d
d8a6f2a85533d8b0a3572be5fa46cb09629d8f54f28bf40c52e0878d68caa046
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
db7c349d8f28ad030602fe1370a3db11faa99c8838112d0aa276943fcf6b4bc4
dc2d61e74a02e5141a305637fcadc24ab1abf715d634a1bbcb181b37f45fa78f
dc9244a2ddaab9795c465eb3ee97484d2d0c2b6eed0e0a6b45ba132660ccc76c
dd34214c43af0cda28469cdea1b2261b60822b1dfb8cde7ad909e2a1611c0c58
dd9c85c873b9b644468988e8165e079b0e747a550ce13fa3f7d0c1839b0fd503
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de3f5289f269e38ee410308bc46240f0c4d4502da930f7cb6cea633ad0a8c80b
de801d89e6f71bf92faa287b9d67520105e6188e703bf3d060223ec2072a95ca
dee5b86e53a5f789d55a21ff5a02a926b712d0bbbc9cfda18aa9c9942d0d2b4a
e1aad8e6bb6ce507ef6de7c00db410c048f3aac3e5f373a69614aec38cfa3f4d
e1b4fa57ef557e75c6c1bfe28ca3901e327287bca7ccf2eaf16cf17183ae24b8
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6
e371c9ea0fd636a3ecd29ae5e8413d144d470f77ca4bdda94b6e61ec3b980eb9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e7c965e41ba62a86766baa4795cb057d869b09a8d1cffa4482620975a7a967
e5152deb80007c748ce43c7579d5befcabe0c90853ce12fdf625dab1927e8bab
e5e69d81e4b5b164b36a059fdf3f17b67b1fde6e611f3c88283d771a98468668
e6969b69570c743952ab51b9fba22410be503db91b0566753d6da10894e76dad
e6ae2ee7b544a949385f531826a24db1315a328eb451377b467dc5058a547f49
e71fb1f132445ea4b054ac8165116bc0850ca64d16dfb8a5b9a1bf8363238682
e773274d2bf81b8f48ad8c5556d2abc2adcf8aa713516eaaef5f533eff73231d
e7907336273196ef7b66c3c9377e5958d4c7e9691de3e67dca3a803138344a00
e7b8d4b3c5141c9cf35d91b4ac8d0edc8812f445b9faf1b6acb53bda701284ae
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ec9eb801027be07e73088ea3cdf525b771cda763e962b7595e1288d98da58ca5
ed1b73c6b4690cde9b521865b58e031293209bc0b2ba2b5716ecf4bf9885ee4b
ed2fd4ff03ad69c2b6e53692d2d530ece2a12d06162628440f8ce89ff3f70fd3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef4bc5766013957b6b0eff70f34bfc9223015ef18e94c0e62ad836391197b9ac
ef519f1596b0ac32e280177a07972896261b0ee30f975c49353641ab29c7d9a4
ef9a09a8d906d4a382b0ac6d8d13233b9f13c4dbc71daecbc3ee2ef93e8ea5e5
f344734e2570f6842c8e8ed89171e9bd4fb6c1be43c041e320127b1a9ab16666
f4203aef3c4b3f3640398647ff0c47cabef29b71915f11e70b5ee0630b8b48ab
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f
f66ed0540b430733e1f0a991a6979222dc3bc96c54bff5c5725a176472e17f74
f90127e896d7f8650493b51b64dbb4163a8fb95d908863749c49c87ee61dbd2f
f93d6aac2996165254aceb217fd491b77cb5da8667b7bc90ba9f47242c98b91a
f979285e29b7738e79983b46d15f2c865f36ca1033937b4fd938af11798ef40f
fb08626e23f36c5e52113df7433a8775a80fcf7b94e59bec2b61e58a8d20ce93
fb2f38b0a52b0a78fc5c5e1e8d2dc0c5614a012165df6ebd3063b54b2a3100a1
fb59bbde032685272ff5e92e69d0b6104c02bf3cd8165437050e54782cd67af5
fbd7d5de5e7a55ea07ecf232b58b99732dee1f0900e59e4e8374ebab8ad52c43
fc6a34829afafad6cee5c547107143e0ef6a08b84cc66a75a914e4bdb627bec2
fd646e6648d187247efc4513828cbeec3fa1b53295ccaedae88193d89fb0e2a0
fddffdc961f3132503ec9197a60d34b0ffcef8fd71ea975d87497688f0c1c7c1
fe39eced72c33ae4c1b3bdd9843bc853265b9909040d41555faa02f62cb29ef2
fe3dec1f8d636050c48303ec4eb0a01234598a594a8036a8bf2dc8038e4febd0
fe78531abc2bb4f02696ffec6405d8b7701a7b99acfe8a76d722c1f6915a8c44
fff7b5b76321e4080e4cf8a5b312d74a943b7ebc2aec9081ac7e17458123fcb2