www.irctc.co.in Open in urlscan Pro
103.252.142.18 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://irctc.co.in/
Effective URL:
https://www.irctc.co.in/nget/
Submission: On May 19 via manual (May 19th 2021, 8:47:11 pm UTC) from US

Summary HTTP 484 Redirects Links 76 Behaviour Indicators

Summary

This website contacted 82 IPs in 13 countries across 92 domains to perform 484 HTTP transactions. The main IP is 103.252.142.18, located in India and belongs to CRIS-ND-21-IN Centre For Railway Information Systems, IN. The main domain is www.irctc.co.in.
TLS certificate: Issued by GeoTrust EV RSA CA 2018 on May 13th 2021. Valid for: a year.

This is the only time www.irctc.co.in was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	103.252.142.19 103.252.142.19	45596 (CRIS-ND-2...) (CRIS-ND-21-IN Centre For Railway Information Systems)
21	103.252.142.18 103.252.142.18	45596 (CRIS-ND-2...) (CRIS-ND-21-IN Centre For Railway Information Systems)
9	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY)
15	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:1275	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:d941	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::2001	15169 (GOOGLE) (GOOGLE)
27	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
24	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
6	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::2006	15169 (GOOGLE) (GOOGLE)
22 26	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
4 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
14 32	185.33.221.53 185.33.221.53	29990 (ASN-APPNEX) (ASN-APPNEX)
4	40.80.84.221 40.80.84.221	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
4	2400:8901::f0... 2400:8901::f03c:92ff:fe35:a93f	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:400c:c0a::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
7	13.32.18.121 13.32.18.121	16509 (AMAZON-02) (AMAZON-02)
2	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
2	54.36.109.22 54.36.109.22	16276 (OVH) (OVH)
4	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 6	216.52.2.39 216.52.2.39	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
2 46	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
18	52.210.177.43 52.210.177.43	16509 (AMAZON-02) (AMAZON-02)
4	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	213.19.147.43 213.19.147.43	3356 (LEVEL3) (LEVEL3)
2	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
2	172.105.34.228 172.105.34.228	63949 (LINODE-AP...) (LINODE-AP Linode)
1	52.219.64.115 52.219.64.115	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1 2	104.109.91.205 104.109.91.205	16625 (AKAMAI-AS) (AKAMAI-AS)
6	151.101.113.108 151.101.113.108	54113 (FASTLY) (FASTLY)
4	185.33.223.178 185.33.223.178	29990 (ASN-APPNEX) (ASN-APPNEX)
1	172.217.16.134 172.217.16.134	15169 (GOOGLE) (GOOGLE)
1 2	18.196.210.39 18.196.210.39	16509 (AMAZON-02) (AMAZON-02)
11	35.201.99.35 35.201.99.35	15169 (GOOGLE) (GOOGLE)
2	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
33 33	35.158.172.137 35.158.172.137	16509 (AMAZON-02) (AMAZON-02)
12 12	185.29.132.69 185.29.132.69	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 37	52.48.175.241 52.48.175.241	16509 (AMAZON-02) (AMAZON-02)
4	67.202.110.23 67.202.110.23	32748 (STEADFAST) (STEADFAST)
10	185.86.137.122 185.86.137.122	201081 (SMARTADSE...) (SMARTADSERVER)
14 15	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
27 27	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
2 2	54.197.13.220 54.197.13.220	14618 (AMAZON-AES) (AMAZON-AES)
2 2	88.214.206.247 88.214.206.247	46636 (NATCOWEB) (NATCOWEB)
6 6	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
12	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
12 12	37.157.6.241 37.157.6.241	198622 (ADFORM) (ADFORM)
4 8	52.28.254.214 52.28.254.214	16509 (AMAZON-02) (AMAZON-02)
3 4	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
4 4	18.192.249.156 18.192.249.156	16509 (AMAZON-02) (AMAZON-02)
2 2	188.42.191.196 188.42.191.196	7979 (SERVERS-COM) (SERVERS-COM)
5 5	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
4 5	37.157.4.39 37.157.4.39	198622 (ADFORM) (ADFORM)
3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	185.183.112.148 185.183.112.148	60350 (VP) (VP)
8 8	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
5 5	70.42.32.191 70.42.32.191	13789 (INTERNAP-...) (INTERNAP-BLK3)
3 3	50.16.38.94 50.16.38.94	14618 (AMAZON-AES) (AMAZON-AES)
3 3	23.23.2.159 23.23.2.159	14618 (AMAZON-AES) (AMAZON-AES)
2	193.122.130.38 193.122.130.38	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
3	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
2 2	23.45.99.241 23.45.99.241	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	52.57.38.160 52.57.38.160	16509 (AMAZON-02) (AMAZON-02)
3 3	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
6 6	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
2	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
2 2	202.241.208.56 202.241.208.56	4694 (IDCF IDC ...) (IDCF IDC Frontier Inc.)
4 4	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	213.155.156.184 213.155.156.184	1299 (TELIANET ...) (TELIANET Telia Carrier)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 18	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	72.251.241.196 72.251.241.196	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	146.59.148.16 146.59.148.16	16276 (OVH) (OVH)
2 2	52.208.103.128 52.208.103.128	16509 (AMAZON-02) (AMAZON-02)
1 3	2606:4700:10:... 2606:4700:10::ac43:db6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	159.253.128.183 159.253.128.183	36351 (SOFTLAYER) (SOFTLAYER)
1 1	2620:116:800d... 2620:116:800d:21:36a9:ecb:e518:b308	16509 (AMAZON-02) (AMAZON-02)
1 1	47.252.78.131 47.252.78.131	45102 (CNNIC-ALI...) (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co.)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
1 1	178.62.202.251 178.62.202.251	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	162.55.6.211 162.55.6.211	24940 (HETZNER-AS) (HETZNER-AS)
1 1	13.225.74.46 13.225.74.46	16509 (AMAZON-02) (AMAZON-02)
1 1	188.165.4.142 188.165.4.142	16276 (OVH) (OVH)
1	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
1 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
2 2	3.123.143.157 3.123.143.157	16509 (AMAZON-02) (AMAZON-02)
1	38.27.122.158 38.27.122.158	174 (COGENT-174) (COGENT-174)
2 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
1	185.64.190.106 185.64.190.106	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
1 2	18.198.126.47 18.198.126.47	16509 (AMAZON-02) (AMAZON-02)
1 1	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	34.98.107.212 34.98.107.212	15169 (GOOGLE) (GOOGLE)
484	82

2 103.252.142.19 (India) 2 redirects

ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN)

irctc.co.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 103.252.142.18 (India)

ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN)

www.irctc.co.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a04:4e42:1b::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1275 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.truenotify.co.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:d941 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.izooto.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
de8e5ee2a78a71018086a69dab62ae46.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 142.250.186.162 (United States) 22 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 185.33.221.53 (Amsterdam, Netherlands) 14 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 40.80.84.221 (Pune, India)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

assistant.corover.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2400:8901::f03c:92ff:fe35:a93f (Singapore, Singapore)

ASN63949 (LINODE-AP Linode, LLC, US)

uiresource.ap-south-1.linodeobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.32.18.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-18-121.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.77.64.70 (France)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.36.109.22 (France)

ASN16276 (OVH, FR)
PTR: p09.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.52.2.39 (United States) 4 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

46 51.89.9.251 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 52.210.177.43 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 213.19.147.43 (United Kingdom)

ASN3356 (LEVEL3, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.105.34.228 (Mumbai, India)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1986-228.members.linode.com

cricket.unibots.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.219.64.115 (Mumbai, India)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ap-south-1.amazonaws.com

newsbot-images.s3.ap-south-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

38a76fb5fba00ee610bed1625db3b3ec.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.91.205 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-91-205.deploy.static.akamaitechnologies.com

ssl.connextra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.113.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.223.178 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ams1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.210.39 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-210-39.eu-central-1.compute.amazonaws.com

t.myvisualiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 35.201.99.35 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 35.99.201.35.bc.googleusercontent.com

host.adcropper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.adcropper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 35.158.172.137 (Frankfurt am Main, Germany) 33 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.29.132.69 (United Kingdom) 12 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 52.48.175.241 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 67.202.110.23 (United States)

ASN32748 (STEADFAST, US)
PTR: ip23.67-202-110.static.steadfastdns.net

pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.86.137.122 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 213.19.147.45 (United Kingdom) 14 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 76.223.111.131 (United States) 27 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.197.13.220 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.214.206.247 (United Kingdom) 2 redirects

ASN46636 (NATCOWEB, US)
PTR: buycheapfags.com

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 193.0.160.128 (United States) 6 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 37.157.6.241 (Denmark) 12 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.28.254.214 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-254-214.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1288:110:c305::8000 (United Kingdom) 3 redirects

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.192.249.156 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)

prod.perf-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.42.191.196 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.56.137 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.157.4.39 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.183.112.148 (Paris, France) 2 redirects

ASN60350 (VP, FR)

sync.adotmob.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.244.159.8 (Kansas City, United States) 8 redirects

ASN15169 (GOOGLE, US)

eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 70.42.32.191 (United States) 5 redirects

ASN13789 (INTERNAP-BLK3, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 50.16.38.94 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.23.2.159 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.122.130.38 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.99.241 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-99-241.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.57.38.160 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.148.27.140 (New York, United States) 3 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.114.49 (Frankfurt am Main, Germany) 6 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 202.241.208.56 (Japan) 2 redirects

ASN4694 (IDCF IDC Frontier Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.30 (Amsterdam, Netherlands) 4 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.155.156.184 (Sweden)

ASN1299 (TELIANET Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.241.196 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.59.148.16 (France) 4 redirects

ASN16276 (OVH, FR)
PTR: ns3181477.ip-146-59-148.eu

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.103.128 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:10::ac43:db6 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.253.128.183 (Amsterdam, Netherlands) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b7.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:36a9:ecb:e518:b308 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.252.78.131 (United States) 1 redirects

ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN)

event.clientgear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (United Kingdom) 1 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.202.251 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.189.114 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.211 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.211.6.55.162.clients.your-server.de

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.74.46 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-74-46.fra2.r.cloudfront.net

cm.smadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.165.4.142 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip142.ip-188-165-4.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.232.137.44 (Frankfurt am Main, Germany) 1 redirects

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.123.143.157 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.158 (United States)

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.106 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Hjørring, Denmark) 1 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.126.47 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	googlesyndication.com fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com 38a76fb5fba00ee610bed1625db3b3ec.safeframe.googlesyndication.com de8e5ee2a78a71018086a69dab62ae46.safeframe.googlesyndication.com ade.googlesyndication.com Failed	426 KB
55	doubleclick.net 22 redirects securepubads.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net stats.g.doubleclick.net ad.doubleclick.net	474 KB
50	pubmatic.com 1 redirects hbopenbid.pubmatic.com ads.pubmatic.com image6.pubmatic.com simage2.pubmatic.com image4.pubmatic.com image2.pubmatic.com simage4.pubmatic.com aud.pubmatic.com	185 KB
46	onetag-sys.com 2 redirects onetag-sys.com	21 KB
42	adnxs.com 14 redirects ib.adnxs.com cdn.adnxs.com ams1-ib.adnxs.com acdn.adnxs.com secure.adnxs.com	159 KB
37	gumgum.com 1 redirects g2.gumgum.com rtb.gumgum.com	11 KB
33	bidswitch.net 33 redirects x.bidswitch.net	12 KB
27	adsrvr.org 27 redirects match.adsrvr.org	12 KB
23	google.com www.google.com adservice.google.com	159 KB
23	irctc.co.in 2 redirects irctc.co.in www.irctc.co.in	2 MB
22	gstatic.com fonts.gstatic.com www.gstatic.com	904 KB
20	servenobid.com ads.servenobid.com public.servenobid.com	10 KB
17	adform.net 16 redirects dmp.adform.net c1.adform.net	8 KB
15	googletagservices.com www.googletagservices.com	415 KB
14	1rx.io 10 redirects tag.1rx.io sync.1rx.io	6 KB
12	rubiconproject.com pixel-eu.rubiconproject.com pixel.rubiconproject.com	3 KB
12	mathtag.com 12 redirects sync.mathtag.com	6 KB
11	adcropper.com host.adcropper.com api.adcropper.com	206 KB
10	smartadserver.com ssbsync.smartadserver.com	3 KB
10	jsdelivr.net cdn.jsdelivr.net	356 KB
9	yahoo.com 8 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	7 KB
8	openx.net 8 redirects eu-u.openx.net us-u.openx.net	2 KB
8	advertising.com 4 redirects pixel.advertising.com	2 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com	7 KB
7	amazon-adsystem.com c.amazon-adsystem.com	73 KB
6	everesttech.net 6 redirects sync-tm.everesttech.net	2 KB
6	rfihub.com 6 redirects p.rfihub.com	5 KB
6	criteo.com bidder.criteo.com gum.criteo.com dis.criteo.com	1 KB
6	lijit.com 4 redirects ap.lijit.com	3 KB
5	unrulymedia.com 4 redirects sync.targeting.unrulymedia.com	2 KB
4	onaudience.com 4 redirects pixel.onaudience.com	2 KB
4	creativecdn.com 4 redirects creativecdn.com	1 KB
4	360yield.com 4 redirects ad.360yield.com	1 KB
4	zemanta.com 4 redirects b1sync.zemanta.com	2 KB
4	perf-serving.com 4 redirects prod.perf-serving.com	3 KB
4	33across.com pixel.33across.com ssc-cms.33across.com
4	linodeobjects.com uiresource.ap-south-1.linodeobjects.com	428 KB
4	corover.mobi assistant.corover.mobi	7 KB
4	2mdn.net s0.2mdn.net	181 KB
4	google.de adservice.google.de www.google.de	1 KB
3	zeotap.com 1 redirects spl.zeotap.com mwzeom.zeotap.com	1 KB
3	contextweb.com 3 redirects bh.contextweb.com	1 KB
3	deepintent.com match.deepintent.com	99 B
3	ipredictive.com 3 redirects sync.ipredictive.com	1 KB
3	stackadapt.com 3 redirects sync.srv.stackadapt.com	2 KB
3	google-analytics.com www.google-analytics.com	38 KB
2	exelator.com 1 redirects loadm.exelator.com	3 KB
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com	994 B
2	w55c.net 2 redirects pm.w55c.net	2 KB
2	tapad.com 1 redirects pixel.tapad.com	617 B
2	taboola.com 1 redirects trc.taboola.com match.taboola.com	560 B
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	simpli.fi 1 redirects um.simpli.fi	1 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	988 B
2	socdm.com 2 redirects tg.socdm.com	1 KB
2	emxdgt.com cs.emxdgt.com
2	bluekai.com 2 redirects stags.bluekai.com	2 KB
2	technoratimedia.com sync.technoratimedia.com	583 B
2	adotmob.com 2 redirects sync.adotmob.com	1 KB
2	betweendigital.com 2 redirects ads.betweendigital.com	1015 B
2	admanmedia.com 2 redirects cs.admanmedia.com	788 B
2	postrelease.com 2 redirects jadserve.postrelease.com	1 KB
2	criteo.net static.criteo.net	51 KB
2	myvisualiq.net 1 redirects t.myvisualiq.net	1 KB
2	connextra.com 1 redirects ssl.connextra.com	1 KB
2	unibots.in cricket.unibots.in	2 KB
2	googleapis.com fonts.googleapis.com	1 KB
2	id5-sync.com id5-sync.com	1 KB
2	ip-api.com pro.ip-api.com	388 B
1	playground.xyz 1 redirects ads.playground.xyz	485 B
1	sitescout.com 1 redirects pixel-sync.sitescout.com	337 B
1	bnmla.com match.bnmla.com	114 B
1	ad4m.at ad4m.at	992 B
1	erne.co 1 redirects green.erne.co	325 B
1	smadex.com 1 redirects cm.smadex.com	529 B
1	loopme.me 1 redirects csync.loopme.me	211 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	550 B
1	turn.com 1 redirects ad.turn.com	518 B
1	clientgear.com 1 redirects event.clientgear.com	263 B
1	quantserve.com 1 redirects pixel.quantserve.com	543 B
1	adgrx.com cm.adgrx.com	408 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	de17a.com d5p.de17a.com	134 B
1	outbrain.com 1 redirects sync.outbrain.com	627 B
1	amazonaws.com newsbot-images.s3.ap-south-1.amazonaws.com	2 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
1	izooto.com cdn.izooto.com	40 KB
1	truenotify.co.in cdn.truenotify.co.in	2 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	18 KB
0	bidr.io Failed match.prod.bidr.io Failed
484	92

	Domain	Requested by
46	onetag-sys.com	2 redirects cdn.jsdelivr.net public.servenobid.com onetag-sys.com
35	rtb.gumgum.com	1 redirects public.servenobid.com g2.gumgum.com
33	x.bidswitch.net	33 redirects
27	match.adsrvr.org	27 redirects
27	tpc.googlesyndication.com	securepubads.g.doubleclick.net fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com ad.doubleclick.net
26	ib.adnxs.com	8 redirects googleads.g.doubleclick.net cdn.jsdelivr.net acdn.adnxs.com
26	cm.g.doubleclick.net	22 redirects googleads.g.doubleclick.net g2.gumgum.com
24	pagead2.googlesyndication.com	fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.irctc.co.in securepubads.g.doubleclick.net ad.doubleclick.net www.googletagservices.com
21	www.irctc.co.in	www.irctc.co.in
20	www.google.com	www.irctc.co.in www.gstatic.com www.google.com securepubads.g.doubleclick.net fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
18	simage2.pubmatic.com	1 redirects ads.pubmatic.com
18	ads.servenobid.com	cdn.jsdelivr.net public.servenobid.com onetag-sys.com ssbsync.smartadserver.com g2.gumgum.com
17	securepubads.g.doubleclick.net	www.googletagservices.com www.irctc.co.in assistant.corover.mobi securepubads.g.doubleclick.net
15	www.googletagservices.com	www.irctc.co.in securepubads.g.doubleclick.net fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com cdn.jsdelivr.net www.googletagservices.com s0.2mdn.net
14	ads.pubmatic.com	cdn.jsdelivr.net g2.gumgum.com ads.pubmatic.com
13	www.gstatic.com	www.google.com www.gstatic.com
12	dmp.adform.net	12 redirects
12	sync.mathtag.com	12 redirects
10	sync.1rx.io	10 redirects
10	ssbsync.smartadserver.com	public.servenobid.com ssbsync.smartadserver.com
10	cdn.jsdelivr.net	www.irctc.co.in cdn.jsdelivr.net assistant.corover.mobi securepubads.g.doubleclick.net
9	host.adcropper.com	s0.2mdn.net host.adcropper.com
9	fonts.gstatic.com	www.irctc.co.in www.google.com
8	pixel.advertising.com	4 redirects onetag-sys.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
7	c.amazon-adsystem.com	cdn.jsdelivr.net c.amazon-adsystem.com
6	image2.pubmatic.com	ads.pubmatic.com
6	sync-tm.everesttech.net	6 redirects
6	secure.adnxs.com	6 redirects
6	pixel.rubiconproject.com	onetag-sys.com
6	pixel-eu.rubiconproject.com	onetag-sys.com
6	p.rfihub.com	6 redirects
6	ap.lijit.com	4 redirects cdn.jsdelivr.net
6	googleads4.g.doubleclick.net	googleads.g.doubleclick.net ad.doubleclick.net
5	c1.adform.net	4 redirects ads.pubmatic.com
5	ups.analytics.yahoo.com	5 redirects
5	sync.targeting.unrulymedia.com	4 redirects g2.gumgum.com
5	acdn.adnxs.com	assistant.corover.mobi cdn.jsdelivr.net
4	pixel.onaudience.com	4 redirects
4	creativecdn.com	4 redirects
4	ad.360yield.com	4 redirects
4	b1sync.zemanta.com	4 redirects
4	us-u.openx.net	4 redirects
4	eu-u.openx.net	4 redirects
4	prod.perf-serving.com	4 redirects
4	pr-bh.ybp.yahoo.com	3 redirects ads.pubmatic.com
4	ams1-ib.adnxs.com	cdn.jsdelivr.net assistant.corover.mobi cdn.adnxs.com
4	tag.1rx.io	cdn.jsdelivr.net
4	bidder.criteo.com	cdn.jsdelivr.net
4	hbopenbid.pubmatic.com	cdn.jsdelivr.net
4	uiresource.ap-south-1.linodeobjects.com
4	assistant.corover.mobi	www.irctc.co.in assistant.corover.mobi
4	s0.2mdn.net	fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net s0.2mdn.net
4	googleads.g.doubleclick.net	fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com www.irctc.co.in
3	bh.contextweb.com	3 redirects
3	match.deepintent.com	g2.gumgum.com ads.pubmatic.com
3	sync.ipredictive.com	3 redirects
3	sync.srv.stackadapt.com	3 redirects
3	image6.pubmatic.com	ads.pubmatic.com
3	fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	adservice.google.com	securepubads.g.doubleclick.net
3	adservice.google.de	securepubads.g.doubleclick.net
3	www.google-analytics.com	www.irctc.co.in www.googletagmanager.com
2	loadm.exelator.com	1 redirects ads.pubmatic.com
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	visitor.fiftyt.com	2 redirects
2	pm.w55c.net	2 redirects
2	pixel.tapad.com	1 redirects ads.pubmatic.com
2	simage4.pubmatic.com	ads.pubmatic.com
2	um.simpli.fi	1 redirects ads.pubmatic.com
2	mwzeom.zeotap.com	ads.pubmatic.com
2	sync.crwdcntrl.net	2 redirects
2	image4.pubmatic.com	ads.pubmatic.com
2	tg.socdm.com	2 redirects
2	cs.emxdgt.com	g2.gumgum.com
2	ssc-cms.33across.com	g2.gumgum.com
2	stags.bluekai.com	2 redirects
2	sync.technoratimedia.com	g2.gumgum.com
2	sync.adotmob.com	2 redirects
2	ads.betweendigital.com	2 redirects
2	cs.admanmedia.com	2 redirects
2	jadserve.postrelease.com	2 redirects
2	pixel.33across.com	public.servenobid.com
2	g2.gumgum.com	public.servenobid.com
2	public.servenobid.com	cdn.jsdelivr.net
2	api.adcropper.com	host.adcropper.com
2	static.criteo.net	cdn.jsdelivr.net static.criteo.net
2	t.myvisualiq.net	1 redirects ad.doubleclick.net
2	ssl.connextra.com	1 redirects assistant.corover.mobi
2	cricket.unibots.in	www.irctc.co.in
2	fonts.googleapis.com	assistant.corover.mobi host.adcropper.com
2	id5-sync.com	cdn.jsdelivr.net
2	pro.ip-api.com	cdn.jsdelivr.net
2	irctc.co.in	2 redirects
1	ads.playground.xyz	1 redirects
1	pixel-sync.sitescout.com	1 redirects
1	aud.pubmatic.com	ads.pubmatic.com
1	match.bnmla.com	ads.pubmatic.com
1	match.taboola.com	ads.pubmatic.com
1	trc.taboola.com	1 redirects
1	s.tribalfusion.com	ads.pubmatic.com
1	a.tribalfusion.com	1 redirects
1	ad4m.at	ads.pubmatic.com
1	green.erne.co	1 redirects
1	cm.smadex.com	1 redirects
1	csync.loopme.me	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	match.adsby.bidtheatre.com	1 redirects
1	ad.turn.com	1 redirects
1	event.clientgear.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	spl.zeotap.com	1 redirects
1	cm.adgrx.com	ads.pubmatic.com
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	d5p.de17a.com	ads.pubmatic.com
1	sync.outbrain.com	1 redirects g2.gumgum.com
1	gum.criteo.com	static.criteo.net
1	ad.doubleclick.net	www.googletagservices.com
1	cdn.adnxs.com	cdn.jsdelivr.net
1	de8e5ee2a78a71018086a69dab62ae46.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	38a76fb5fba00ee610bed1625db3b3ec.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	newsbot-images.s3.ap-south-1.amazonaws.com	assistant.corover.mobi
1	www.google.de
1	stats.g.doubleclick.net	www.irctc.co.in
1	www.googletagmanager.com	assistant.corover.mobi
1	cdn.izooto.com	cdn.truenotify.co.in
1	cdn.truenotify.co.in	www.irctc.co.in
1	maxcdn.bootstrapcdn.com	www.irctc.co.in
0	ade.googlesyndication.com Failed
0	match.prod.bidr.io Failed	ads.pubmatic.com
484	131

This site contains links to these domains. Also see Links.

Domain
contents.irctc.co.in
www.ecatering.irctc.co.in
www.irctcimudra.com
b2bapi.zee5.com
www.irctctourism.com
www.operations.irctc.co.in
enquiry.indianrail.gov.in
www.ftr.irctc.co.in
www.bus.irctc.co.in
www.air.irctc.co.in
www.hotel.irctctourism.com
www.the-maharajas.com
www.rr.irctctourism.com
www.sbicard.com
menurates.irctc.co.in
play.google.com
apps.apple.com
www.nvsp.in
mahilaehaat-rmk.gov.in
www.raildrishti.in
www.fois.indianrail.gov.in
www.confirmtkt.com
www.ixigo.com
applinks.makemytrip.com
bit.ly
corover.ai
www.railwire.co.in
agent.irctc.co.in
www.indianrail.gov.in
hotel.irctctourism.com
www.irctcbuddhisttrain.com
www.facebook.com
youtube.com
instagram.com
www.linkedin.com
t.me
in.pinterest.com
irctcofficial.tumblr.com
www.kooapp.com
twitter.com
cris.org.in

Subject Issuer	Validity	Valid
www.irctc.co.in GeoTrust EV RSA CA 2018	`2021-05-13` - `2022-05-25`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-05-03` - `2021-07-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-05-18` - `2022-03-26`	10 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.corover.mobi Go Daddy Secure Certificate Authority - G2	`2020-07-15` - `2021-07-15`	a year	crt.sh
ap-south-1.linodeobjects.com R3	`2021-05-04` - `2021-08-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-05-03` - `2021-07-26`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2019-11-05` - `2021-11-04`	2 years	crt.sh
*.id5-sync.com R3	`2021-03-23` - `2021-06-21`	3 months	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
onetag-sys.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
*.servenobid.com Amazon	`2021-02-12` - `2022-03-13`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2019-06-28` - `2021-06-27`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
cricket.unibots.in R3	`2021-05-01` - `2021-07-30`	3 months	crt.sh
*.s3.ap-south-1.amazonaws.com DigiCert Baltimore CA-2 G2	`2021-01-12` - `2022-01-19`	a year	crt.sh
*.connextra.com DigiCert SHA2 Secure Server CA	`2020-06-03` - `2021-09-02`	a year	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
*.myvisualiq.net Go Daddy Secure Certificate Authority - G2	`2020-12-12` - `2022-01-13`	a year	crt.sh
*.adcropper.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-22` - `2021-11-01`	2 years	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-04-14` - `2021-07-12`	3 months	crt.sh
public.servenobid.com DigiCert SHA2 Secure Server CA	`2020-08-26` - `2021-08-25`	a year	crt.sh
*.gumgum.com Amazon	`2020-07-03` - `2021-08-03`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
pixel.advertising.com DigiCert SHA2 High Assurance Server CA	`2021-03-01` - `2021-08-24`	6 months	crt.sh
*.technoratimedia.com DigiCert SHA2 High Assurance Server CA	`2020-07-28` - `2021-10-01`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.targeting.unrulymedia.com DigiCert SHA2 Secure Server CA	`2020-05-04` - `2022-05-09`	2 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2020-05-18` - `2021-07-17`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.de17a.com Sectigo ECC Domain Validation Secure Server CA	`2020-11-25` - `2021-12-25`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-29` - `2021-09-22`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.bnmla.com Go Daddy Secure Certificate Authority - G2	`2021-01-06` - `2022-02-07`	a year	crt.sh
*.semasio.net GlobalSign GCC R3 DV TLS CA 2020	`2021-03-09` - `2022-04-10`	a year	crt.sh
*.exelator.com Go Daddy Secure Certificate Authority - G2	`2019-05-17` - `2021-06-25`	2 years	crt.sh

This page contains 89 frames:

Primary Page: https://www.irctc.co.in/nget/
Frame ID: F23237BA443A7B6912AA79331F3EA0B1
Requests: 58 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=yf0zz3iore5s
Frame ID: FAC15D8B07694C44EA53C4290E4F1DA0
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=e5b9hnpt2luh
Frame ID: BE2553D780014D235D830B6A2AB11858
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=q3uy7duww8e3
Frame ID: 871504EBD3F81903D17CE21527972560
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz
Frame ID: 0961B32B9238F5C10B69F95C610391F5
Requests: 12 HTTP requests in this frame

Frame: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CF58BD52229C375AC688DE3BE8F057D5
Requests: 14 HTTP requests in this frame

Frame: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7C667B38C88F9AC49578F477246A14E8
Requests: 13 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuKEgF_UARwN29sCFM7b7ac9zp3cSoDmptUyyFx6Z1pvcWpuwka6Vb7I_eXpFie-GrlhfDFXxgdPo9CqkfHCO2pn49WkT_--qNu6VTcfVLTtDxQCZUbgpCi9RYpDef60yEqOhyH36mRIdf5duqrvJBWfTVs_o1WLkpQixxhyTXisXp8hTPZRKp--H29IQrh7ZoX_pSERcOCNMAG_BZr9eUsNpWBLSuUm7kG5GrBY1odNO1JMUxt3Hzhk_CutR9zV1stWd4woSi1uN4TsOgA8Rp5I2xp-BdBc8DJWBryWDL0VUtex-8rqKm8&sai=AMfl-YSvA7UHu4PrAB7jCtOwEGnkR8Kg85MGoHc-AIkSlYHQWOZZvpvUtJc5C5Xo15zzFVR6QxjFWt3fFf3QjcgDm2nUjCBZJFJAzS30SNikp34a4zS-Mja_9Dp6KkMSbW0&sig=Cg0ArKJSzAtmruRyj0DNEAE&adurl=
Frame ID: 83D948B8E1DDC1865E5A670BF9BA7592
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuzHeH8inTCqdJCMTPCPNcsH7kBfYuWhXuXPl2kB0jJ9XG3KLzbRQm-Dv9iJmOPCLxlnX-bV2XWDhNUHgFcnHALsRePnLtRFoOthw9kFcAOPSOlLQv3HWRV-Cnt7ZuwcN59wxWbjbB10_nu4duUZ2wJ1CEqrEMB6xarOPScmTGyAMA2-eXjab-TqqDPvheh6oo097lIgYMXmPChJ-1M_0gc-H49NaN_hd4iChRQqf04S3f9bn8pseUvm98Pp9ll6yg98mJKrDfmbwjTDVg6gzSnXBOBxJ3tygb_UdAilRZYdviwrEubvcFGRsWcAkM9Vg&sai=AMfl-YQNrPmnE9TMbrT3GH8AqDsies7HlNPKxrUEPlADjMFyoOXPneoxmOFSexQHm5ddN5EP9Yl1lRIajrwkhzmEnIax_BOZeLIYlc6FN5CtQ-LIg6tRcQAxI_TUwKdJr1s&sig=Cg0ArKJSzPV1ZK2eIEkIEAE&adurl=
Frame ID: 0608572BFC37E569B5AEBA80F446CF7F
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXUIY_mVhJvzfX1zEmWb_54-gTH4PgbOGexUwzRp34Yaf6TEWO3wxHdDXrM-lNNZ49-bEc3LrCrCNm1ElBfkQGZyxzEeQmY1qL3Jlvz4er9O9RsNm_rw11TrhkA7tn4bhIkAQISRrqQYtERZq8BV0jYLowe2xYpfNNyCwfkWkdpiTOjjCcSfti3_iihOUDHAyM8WG5jKYCVXonfp8d28tePRe_akQ
Frame ID: D92EBC053781928A866E0DBD9AE89281
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXJEDi208QY0EmqYyRvsk5zPz8XbICnvKLmcVxVWblg83kIBUJX-9nSk-umfyK3Xvwc4P3pHfLuGka1DMj6nMaTdQy9_QFYDfGnS4WnoLbwZFXItSfOC27IJHk3TVYBcwkRSIs2HQaGGxK4hWngBKrKwOplQ6F_QslQiRBOx0HE9FWn-Ku_z70UlqAopX_47Pd0lZihH8cyxd5qeQ6qL_Lhdixr-Q
Frame ID: 0FD805DFD19AAEA7169B6B15E77C2833
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 21D9918B65D228A0DC015BF5BEA1B7A1
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D713528A43F64A8754F61C4851169356
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: A1F1688E6C60F4014391B70D48D81143
Requests: 2 HTTP requests in this frame

Frame: https://assistant.corover.mobi/irctc/coroversdsm/
Frame ID: 423B66E0EF5A590E6530DBF5F92EE9CB
Requests: 41 HTTP requests in this frame

Frame: https://assistant.corover.mobi/irctc/coroversdsm/corover_cuboid_widget.html
Frame ID: 8898B2F9F60FCE6EA2C9D727CD218D44
Requests: 34 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvmEhP6H3Qtnaq6qup4pD4uqcNAWAWdFipxigRV19ktbQZos9t40XuTWv17AO2434dabAUefRcMlqiQjVF7Leppj-fiFewk49PEOrW1N-67wIPHyjztEs2iO1YhlG8a6vhaRHa9jAhKOmtSxDmNvUyPmxEjchWF7Lm-iVePx2hFAJYZVDQo7w0fFjGEopgIjdYrjBAiDBEwt5MaSKC9r8QV7ZU1A6mvxAD6Agt-1kIBmpcUh5Hu9MIb6JXKpuE3qjtKpy47xCH87f0efpA0Jexgra-BB4I2ooXWu2zy6MINTtnTxvQHnuYRJifgosXan3hENoM&sig=Cg0ArKJSzHVO7OMCVMpFEAE&urlfix=1&adurl=
Frame ID: BB1A8A2F18C1565E602C1A1EEC73A8E2
Requests: 14 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N244601.273391APPNEXUS/B25122414.289904035;dc_ver=72.208;dc_eid=40004001;sz=320x50;u_sd=1;gdpr=0;dc_adk=3748940712;ord=gl82bt;click=https%3A%2F%2Fams1-ib.adnxs.com%2Fclick%3F5hN5knTNvD_mNzS8zP2oPwAAAGCPQiNA5jc0vMz9qD_oE3mSdM28P9FpZoPqpTc2dGm_IsWmknc_eaVgAAAAABY8RAGULgAAmBwAAAIAAADKSbMPSJYkAAAAAABVU0QAVVNEAEABMgDxCQAAAAABAQUCAAAAANYAqSYgyAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521dxEfxQi_lPUUEMqTzX0YyKySASAAKAAxMzMzMzMz5z86CUFNUzE6Mzk4OEDAK0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgA%2Fcca%3DNzMyMCNBTVMxOjM5ODg%3D%2Fbn%3D84025%2Fclickenc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=2,https%3A%2F%2Fwww.irctc.co.in%2F$0;xdt=1;crlt=xW3_d'_DV6;gcsr=m;osda=2;sttr=16;prcl=s
Frame ID: 5AD75312CD52AA404A86D757DC0F485F
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=11924&pub_id=1941071
Frame ID: 48DC6B527E22C9ADDFC55BEF20EAD9AC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 31AB2EA305693EBA36619E74D28A148E
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssH2YGI1zGTTtPfNuRDW9_om-IJF65uqrALVnLN379U-0EMSNrHH2EQC-yQWmjBMWG9bBYHugB9Wy4XO8z3Ntpthqv44EgiWwO9GOBgkwo8eQYHIJdGU4DxHsJ52v4nCBhLlk1uPta1NaqxOTWtt5D48NtW5fmrH_un7ukjnBLohLOnnd51nHKldNrQlaXzNXJR_C9Ggm42pQX1foXCfaYgfOzWMx4ifx7gTfIPgVtvI1LR3VPsp3Gi5sBxgwIKvemxXf48D2DtmMkwf3LPsMCpncGrVMg_4K3eHdUaovCAn2l6QiugWl2-nqWH7qiTDIgB6Dfx&sig=Cg0ArKJSzJ6C9dxL2U6gEAE&adurl=
Frame ID: 2C656F27133640EDCFD349F6B2A1EA2A
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 681DA190E09B642FA7990A9938382455
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/5270879/1590075266923/BE-PL-320x50-AbsolootlyMad-DJ-NDC.html
Frame ID: 66B6852B467183D11F81567ACE13C995
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 935F0015BF0FDBF597E1E23B174C75E1
Requests: 2 HTTP requests in this frame

Frame: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Frame ID: 2C78228952EC768A74899F356FF796F2
Requests: 13 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.irctc.co.in
Frame ID: FD464861C5FF02738ECE310B42B60E87
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1621457215647
Frame ID: 008231127EA87AA9F2B47BD03CB45BB0
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A4637BE73E1F9C913B5363847C290190
Requests: 21 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 68AB007B11C7A570496B37FB1E085251
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 72C92C3ED7C933A6DC075458A77DF6F4
Requests: 12 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E17F1F487D170B233D4030E559C0BBD3
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E329020D72B860401C42B11B71E9A655
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 426A22FEF545E31C9ABE88CEE3513AE9
Requests: 7 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1621457215714
Frame ID: 13B44B23B268C4C8A40DBA882856A44E
Requests: 9 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: C7C42B756BF5854CD260BB8D9249F582
Requests: 15 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: E2A745F1FDF512E56236297581DEC64F
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 8DC7387F32C25E97DB998446A19E4DCE
Requests: 10 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 805978E08D6A4D4193A0B79FB7603F41
Requests: 6 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 4334FD94811D7D556AC69C6840F5EE08
Requests: 15 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: 3ECD10E287784B1F78E28BC5F3B2D6FA
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: D21AD8E1AB525D4A13EBD394BD036765
Requests: 10 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 0B9F6D99CCAAA3068FD6AD124C612070
Requests: 6 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 25421F7E4E222677048E115FCE9F3AFD
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 1CABAF58ACB5C2D2FDE5D002ABFC491E
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 665AC2900E6DAA8CD10BA0933BA1CE35
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1621457215715
Frame ID: 9E5A083097E1B45F321095706853C45D
Requests: 9 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1621457215698
Frame ID: 4D15DA2BABB29524ABB21786AA368518
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 571465D7A70A659DE89DA5A32D62B712
Requests: 2 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=e90060a5-7942-4900-b282-6ef7eae0799b&gdpr=0&gdpr_consent=
Frame ID: C5AAC68AF1BE55A45ACF03509AAC7688
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQABKKz1SQA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1SQA4
Frame ID: 43CF5C2798D7675F05C5BBAEC89A78C3
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV83ZDkxY2NmMy0xMTNhLTRiYTYtOTI0NS1jYWYxZDNkMWM1ZGI=&gdpr=0&gdpr_consent=
Frame ID: FE06CFBA5290AA4D710D3B69F08856AF
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 800FE75AB3E872ED74BFA750D77B0808
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: E632980C7AC60E18F6E50F5CF4B061AC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&t=1624049219
Frame ID: 0C2D1F33A6E627D92B4C42A282E623A8
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 5DD921C821B1A2BD72AA73226B9CE815
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf4QAAAAA
Frame ID: 40D7C3BD92C0BE35DC6EB6CE0E9773EF
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069
Frame ID: C3AE7344C563D3E9E91012BB860578AE
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1
Frame ID: AEED383B164CA2836359A14F34E17D4E
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=697460a5-7942-4b00-812a-621aae1939bd&gdpr=0&gdpr_consent=
Frame ID: 02ABA807DBA32742590A6A5A6D0D21C1
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQAA9JVCaQBg&gdpr=0&gdpr_consent=&_test=YKV5SQAA9JVCaQBg
Frame ID: 74DC3B4C8F200449535F960F613365AA
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9jOWU3ZTc2NS1hODAwLTQwODQtYjg0NC03YTFlZDU0MzFmMjU=&gdpr=0&gdpr_consent=
Frame ID: 98D472FF8B14D8E73262E8C23EC99580
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 36985B07BD7E7C0DB51BB5A0456A9F3E
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: 2C1FBD6F1DAC6067B1E22DD7D8EAB5E9
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=290056e6-8a63-4737-af34-8e685a15573e&t=1624049219
Frame ID: A6B682FB0AA4A4E2BC21023B08BB0F48
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: 2B3B3E735D63BBCCB0CE6BF70386C2B7
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf8YAAAAA
Frame ID: 722644114664F1575AB8D9458EED1ABD
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069
Frame ID: D73F96928AE194CE95C18923A247DB20
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1
Frame ID: D49C9C6C0DC1029191F82A78CB464987
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4
Frame ID: 98926BF069C1A5718CEFF98FBE363EEA
Requests: 1 HTTP requests in this frame

Frame: https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
Frame ID: C8983CA38B7C6D47013C89F928A229D9
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 2FCD9B4BB4C388D266751890AC9DB471
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
Frame ID: B37043E5B164DFE8845ABA096EC01C2E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6964105731786274960
Frame ID: 224559D4578BDA89B6B583893E8DE0F9
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 13EDE6570EB04B50EA007E6DBB357D1E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 522C5FB49ABF2286F798A3F7AB8E777A
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F62573D6AE82ECEB10F282E9B3647E4A
Requests: 2 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
Frame ID: 7C012B1EF420D78F84375CCAE228D8E6
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
Frame ID: A78462E33C5234014A00FCE0EC4BE1F9
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=jsUeDaGrYMxo4NbiOwbNW1Zf
Frame ID: 7AE01C1092DDA188C19750A967229CFB
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: 8463FA1EFDA1B93E3A83E14CA36898BF
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: D9B6A2F20E227D5C042F6ADA62ABDF50
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=4bexkuCpOMgH&pid=557219
Frame ID: 1297E02C72A7D2C70822F77FE59E0310
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw%26piggybackCookie%3D%24%7BDI_USER_ID%7D&gdpr=0&gdpr_consent=
Frame ID: FFADAF57F2A6CF283AD8778663212207
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6523c3e0-c2c4-4d45-9448-106b40bf60f6-tuct79efec9&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 81FFF123C38B9126D151B4936B804B43
Requests: 1 HTTP requests in this frame

Frame: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB
Frame ID: 9BBA98FA3062BE32B5ADAEB4C40941A3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:2ielJict1LJt5T5&gdpr=0&gdpr_consent=
Frame ID: 62BDF387C5806C2D3C2C7B2BC16567CF
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=RpmcI-JQTUx7Oc-dALF1U8T3tJQ
Frame ID: 23A274689AE3C4110FC7D0B35658C666
Requests: 1 HTTP requests in this frame

Frame: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Frame ID: E68875C8D88F309E5EC71E759B40DF58
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:06CFA6EF7A634447A11B6139D95D7CA6
Frame ID: 7AD3365F3B105E45F825765363175715
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://irctc.co.in/ HTTP 302
https://irctc.co.in/ HTTP 302
https://www.irctc.co.in/nget/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

script /\/recaptcha\/api\.js/i

Page Statistics

484
Requests

99 %
HTTPS

28 %
IPv6

92
Domains

131
Subdomains

82
IPs

13
Countries

6146 kB
Transfer

12904 kB
Size

7
Cookies

76 Outgoing links

These are links going to different origins than the main page.

URL: http://contents.irctc.co.in/en/Covid19PMMessage.pdf
Title: Wear Mask, Follow Physical Distancing, Maintain Hand Hygine.

Search URL Search Domain Scan URL

URL: https://www.ecatering.irctc.co.in/
Title: e-Catering

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/CovidVaccinationInfoEng.pdf
Title: Information on Covid 19 Vaccination Programme

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/KumbhmelaSOP.pdf
Title: Covid-19 Guidelines For Kumbh Mela 2021 at Haridwar.

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/stateWiseAdvisory.html
Title: Click Here to see state wise advisory on Arrival(As available).

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/AboutEwallet.pdf
Title: About IRCTC eWallet

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/EwalletUserGuide.pdf
Title: IRCTC eWallet User Guide

Search URL Search Domain Scan URL

URL: https://www.irctcimudra.com/
Title: IRCTC iMudra

Search URL Search Domain Scan URL

URL: https://b2bapi.zee5.com/cl/premium-packs.php?code=ATCJS8DK0SJ320LK&name=IRCTC&utm_source=cl&utm_medium=irctc&utm_campaign=web
Title: ZEE5 Subscription

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/gallery/tajas.html
Title: Group Booking

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/Travel_Insurance_Claim_Process_for_IRCTC_TejasExp.pdf
Title: Travel Insurance Claim Process

Search URL Search Domain Scan URL

URL: https://www.operations.irctc.co.in/ctcan/SystemTktCanLogin.jsf
Title: Counter Ticket

Search URL Search Domain Scan URL

URL: https://enquiry.indianrail.gov.in/ntes
Title: Track Your Train

Search URL Search Domain Scan URL

URL: https://www.ftr.irctc.co.in/ftr/
Title: FTR Coach/Train Booking

Search URL Search Domain Scan URL

URL: https://www.bus.irctc.co.in/
Title: BUSES

Search URL Search Domain Scan URL

URL: https://www.air.irctc.co.in/
Title: FLIGHTS

Search URL Search Domain Scan URL

URL: https://www.hotel.irctctourism.com/
Title: HOTELS

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/tourpacakage_search?searchKey=&tagType=&travelType=Domestic&sector=All&bdar=1
Title: Tourist Train

Search URL Search Domain Scan URL

URL: http://www.the-maharajas.com/
Title: Maharaja"s Express

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/tourpacakage_search?searchKey=&tagType=&travelType=Domestic&sector=103
Title: Tour Packages

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/tourpacakage_search?searchKey=&tagType=&travelType=Domestic&sector=104
Title: Air Packages

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/tourpacakage_search?searchKey=&tagType=&travelType=International&sector=All
Title: International Packages

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/tourpacakage_search?searchKey=&tagType=&sector=102&travelType=Domestic
Title: Land Packages

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/cruise
Title: Cruise

Search URL Search Domain Scan URL

URL: https://www.rr.irctctourism.com/#/accommodation/in/ACBooklogin
Title: Retiring Room

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/accommodation
Title: Lounge

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/AboutSBICobrandCard.pdf
Title: About IRCTC SBI Credit Card

Search URL Search Domain Scan URL

URL: https://www.sbicard.com/eapply/eapply-form.page/apply?path=personal/credit-cards/travel/irctc-rupay-sbi-card.dcr&GEMID1=Home_Loyalty_Tab_E-apply_Before_Login&GEMID2=IRCTC_Web&CHN=451
Title: IRCTC SBI Platinum Card RUPAY e-apply

Search URL Search Domain Scan URL

URL: http://www.ecatering.irctc.co.in/eCatering/
Title: Order Food

Search URL Search Domain Scan URL

URL: http://menurates.irctc.co.in/
Title: Standard Menu Rates

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/irctc-advertisement.pdf
Title: Advertise With IRCTC

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=cris.org.in.prs.ima&hl=en
Title: Android Mobile App

Search URL Search Domain Scan URL

URL: https://apps.apple.com/in/app/irctc-rail-connect/id1386197253
Title: iOS Mobile App

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.irctc.tourism
Title: IRCTC Tourism App

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.irctc.air&hl=en
Title: IRCTC Air App

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.cris.utsmobile&hl=en
Title: UTS TICKET APP

Search URL Search Domain Scan URL

URL: https://www.sbicard.com/eapply/eapply-form.page/apply?path=personal/credit-cards/travel/irctc-rupay-sbi-card.dcr&GEMID1=Home_Promo_Tab_E-apply&GEMID2=IRCTC_Web&CHN=451
Title: IRCTC SBI Platinum Card RUPAY e-apply

Search URL Search Domain Scan URL

URL: http://www.nvsp.in/
Title: National Voter"s Service Portal

Search URL Search Domain Scan URL

URL: http://mahilaehaat-rmk.gov.in/
Title: Mahila E-Haat

Search URL Search Domain Scan URL

URL: https://www.raildrishti.in/
Title: Rail Drishti

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/IRBRmag/
Title: Indian Railways Magazines

Search URL Search Domain Scan URL

URL: https://www.fois.indianrail.gov.in/RailSAHAY/index.jsp
Title: Railways Freight Business Portal

Search URL Search Domain Scan URL

URL: https://www.confirmtkt.com/?utm_source=IRCTC_WEB&utm_medium=IRCTC_WEB&utm_campaign=IRCTC_WEB
Title: Confirmtkt

Search URL Search Domain Scan URL

URL: https://www.ixigo.com/trains?utm_source=IRCTC_Web&utm_medium=IRCTC_Web&utm_campaign=IRCTC_Web
Title: ixigo

Search URL Search Domain Scan URL

URL: https://applinks.makemytrip.com/nj1y2uTxccb
Title: MakeMyTrip-Trains

Search URL Search Domain Scan URL

URL: https://bit.ly/3xYteV0
Title: EaseMyTrip

Search URL Search Domain Scan URL

URL: https://corover.ai/irctc/
Title: ChatBot as a Service (CaaS)

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/BookUpto12ticketsinamonthbylinkingAadhaar.pdf
Title: Link Your Aadhaar

Search URL Search Domain Scan URL

URL: https://www.railwire.co.in/station-wi-fi-project.php
Title: WI-Fi Railway Stations

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/BOC.pdf
Title: Battery Operated Cars

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/wheelchair
Title: E-wheelchair

Search URL Search Domain Scan URL

URL: http://www.rr.irctctourism.com/cgi-bin/rr.dll/irctc/services/rrhome.do
Title: Retiring Room

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/HandicraftsCommitteeReport.pdf
Title: Support SHG/Handicraft

Search URL Search Domain Scan URL

URL: https://agent.irctc.co.in/nget/train-search
Title: Agent DC Login

Search URL Search Domain Scan URL

URL: http://www.indianrail.gov.in/enquiry/PNR/PnrEnquiry.html?locale=en
Title: PNR STATUS

Search URL Search Domain Scan URL

URL: https://hotel.irctctourism.com/hotels
Title: HOTELS

Search URL Search Domain Scan URL

URL: https://www.bus.irctc.co.in/home
Title: BUS

Search URL Search Domain Scan URL

URL: http://www.irctctourism.com/cgi-bin/dev1.dll/irctc/booking/tourPackages.jsp
Title: HOLIDAY PACKAGES

Search URL Search Domain Scan URL

URL: http://www.irctctourism.com/cgi-bin/dev1.dll/irctc/booking/bestSellerTrains.jsp
Title: TOURIST TRAIN

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/gallery/
Title: HILL RAILWAYS

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/#/tourpacakage_search?searchKey=&tagType=&travelType=International&sector=All
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/#/tourpacakage_search?searchKey=&tagType=&travelType=Domestic&sector=All
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.irctcbuddhisttrain.com/
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.irctctourism.com/#/tourpkgs
Title: Read More

Search URL Search Domain Scan URL

URL: https://www.facebook.com/IRCTCofficial/

Search URL Search Domain Scan URL

URL: https://youtube.com/c/IRCTCOFFICIAL

Search URL Search Domain Scan URL

URL: https://instagram.com/irctc.official?igshid=yyg5byow704l

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/irctcofficial

Search URL Search Domain Scan URL

URL: https://t.me/IRCTC_Official

Search URL Search Domain Scan URL

URL: https://in.pinterest.com/irctcofficial/

Search URL Search Domain Scan URL

URL: https://irctcofficial.tumblr.com/

Search URL Search Domain Scan URL

URL: https://www.kooapp.com/profile/irctcofficial

Search URL Search Domain Scan URL

URL: https://twitter.com/IRCTCofficial

Search URL Search Domain Scan URL

URL: http://cris.org.in/
Title: CRIS

Search URL Search Domain Scan URL

URL: http://contents.irctc.co.in/en/BetaSiteCompatibleBrowser.html
Title: Compatible Browsers

Search URL Search Domain Scan URL

URL: https://corover.ai/
Title: Powered by CoRover

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://irctc.co.in/ HTTP 302
https://irctc.co.in/ HTTP 302
https://www.irctc.co.in/nget/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 116

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1

Request Chain 117

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YKV5PZyaNdoE41pUN.vuBQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1&google_hm=2

Request Chain 118

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFgQPZ-jo5VehWp-OnCqtJU&google_cver=1

Request Chain 119

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYxNjEzMjQwMjczNDkxODAwNA%3D%3D

Request Chain 120

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1

Request Chain 121

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YKV5PRRWOiyWPdfAa9jBxAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1

Request Chain 122

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFgQPZ-jo5VehWp-OnCqtJU&google_cver=1

Request Chain 123

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ2MjYyMTMzNTU5MDk3MjA3OQ%3D%3D

Request Chain 220

https://ssl.connextra.com/Betsson/selector/image?client=Betsson&placement=DDM_APN_Betsson_PL_Casino_Impression_1x1&_cb=342014636&apnauc=3906773628412651985 HTTP 302
https://ssl.connextra.com/servlet/controller?service=DDM_Betsson_PL_Casino_Impression_1x1&pubhost=assistant.corover.mobi&image=image%2Fgif&client=Betsson&placement=DDM_APN_Betsson_PL_Casino_Impression_1x1&_cb=342014636&apnauc=3906773628412651985

Request Chain 251

https://t.myvisualiq.net/impression_pixel?pt=i&r=3921905879&et=i&ago=212&ao=788&advt=5270879&pi=289904035&ad=484369460&si=6474184&aca=25122414&ci=132661128&chnl=-7&sz=1833&vndr=115 HTTP 302
https://t.myvisualiq.net/ul_cb/impression_pixel?pt=i&r=3921905879&et=i&ago=212&ao=788&advt=5270879&pi=289904035&ad=484369460&si=6474184&aca=25122414&ci=132661128&chnl=-7&sz=1833&vndr=115

Request Chain 277

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=11924&pub_id=1941071&gdpr=0 HTTP 307
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels%26seller_id%3D11924%26pub_id%3D1941071%26gdpr%3D0

Request Chain 287

https://onetag-sys.com/usync/?tag=img HTTP 302
https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Donetag%26bsw_param%3D5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=e90060a5-7942-4900-b282-6ef7eae0799b&expires=30&ssp=onetag&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Request Chain 292

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=7479704688393846363

Request Chain 293

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://ads.servenobid.com/sync?pid=310&uid=832af292f51fc3a334b7eea0

Request Chain 294

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1541946518 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1541946518 HTTP 302
https://sync.1rx.io/usersync/tradedesk/3f521d63-e746-4606-ae3e-d8a522b908b6 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-e5e66d42-c860-4597-84d2-99d59423e3d2-003 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

Request Chain 295

https://jadserve.postrelease.com/suid/101954?ntv_r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D322%26uid%3DNTV_USER_ID HTTP 302
https://ads.servenobid.com/sync?pid=322&uid=5e37c22a-83dd-40db-a111-34b90f4af36b

Request Chain 296

https://cs.admanmedia.com/sync/durationmedia?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D328%26uid%3D%7B%24UID%7D HTTP 302
https://ads.servenobid.com/sync?pid=328&uid=4a168fe7b768136390ea25ea33722c54c4605def

Request Chain 297

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=875739026914915596

Request Chain 298

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=7479704688393846363

Request Chain 299

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://ads.servenobid.com/sync?pid=310&uid=ac801304dfe726eef5f62dcf

Request Chain 304

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8283248301 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8283248301 HTTP 302
https://sync.1rx.io/usersync/tradedesk/66e902c2-976d-47a5-abe9-c33bcadfcea7 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-e5e66d42-c860-4597-84d2-99d59423e3d2-003 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

Request Chain 305

https://jadserve.postrelease.com/suid/101954?ntv_r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D322%26uid%3DNTV_USER_ID HTTP 302
https://ads.servenobid.com/sync?pid=322&uid=f7f23556-4750-496d-9083-672ec4cc7d2c

Request Chain 306

https://cs.admanmedia.com/sync/durationmedia?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D328%26uid%3D%7B%24UID%7D HTTP 302
https://ads.servenobid.com/sync?pid=328&uid=4a168fe7b768136390ea25ea33722c54c4605def

Request Chain 307

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=1871597495218669069

Request Chain 309

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/e90060a5-7942-4900-b282-6ef7eae0799b

Request Chain 311

https://dmp.adform.net/serving/cookie/match?party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8 HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8 HTTP 302
https://onetag-sys.com/sync/i,34/7552509207361088343

Request Chain 312

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc= HTTP 302
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

Request Chain 315

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

Request Chain 316

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=onetag&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111&google_hm=NWNmZWVmNGItNzIzYi00MGRlLTkxOTItNTdlMTgyNGRiMTEx HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEK_TbwnPJRcbJfZF-NQ-_1s&google_cver=1&ssp=onetag&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111 HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Request Chain 317

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/e9fd60a5-7942-4600-8db3-772b93dc7fc7

Request Chain 319

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc= HTTP 302
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESELr84Fpp-YscrTyuDUYR_ps&google_cver=1

Request Chain 321

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

Request Chain 322

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=onetag&ssp_user_id=5cfeef4b-723b-40de-9192-57e1824db111 HTTP 302
https://x.bidswitch.net/sync?dsp_id=74&&user_id=180896394&expires=5&ssp=onetag HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Request Chain 323

https://dmp.adform.net/serving/cookie/match?party=1167&cid=ciU9L5MKKufNGUtzUkkjUbNZagYiU9lsPoO602HIFJY HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=ciU9L5MKKufNGUtzUkkjUbNZagYiU9lsPoO602HIFJY HTTP 302
https://onetag-sys.com/sync/i,34/9155501502506257739

Request Chain 326

https://onetag-sys.com/usync/?tag=img HTTP 302
https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://prod.perf-serving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://prod.perf-serving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://x.bidswitch.net/sync?dsp_id=366&expires=14&user_id=bc756333-79ac-40e2-94dc-fbe6f1361c55&ssp=onetag&user_group=1 HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Request Chain 333

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/170860a5-7942-4600-8a40-f340b76e0754

Request Chain 335

https://dmp.adform.net/serving/cookie/match?party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8 HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8 HTTP 302
https://onetag-sys.com/sync/i,34/8822065448440333580

Request Chain 336

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc= HTTP 302
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

Request Chain 338

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Donetag%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Donetag%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D&crf=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=429&user_id=414ed594-de90-528b-a80a-b9cdc8afc088&ssp=onetag&expires=30&user_group=1 HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Request Chain 339

https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UP5afe8a81-b8e3-11eb-8c51-02086762126e HTTP 302
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UP5afe8a81-b8e3-11eb-8c51-02086762126e&verify=true HTTP 302
https://onetag-sys.com/sync/i,39/y-z3jBxClE2uGreJQIwSWGsokfwFkmZDgz~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e

Request Chain 340

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

Request Chain 342

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/697460a5-7942-4b00-812a-621aae1939bd

Request Chain 344

https://dmp.adform.net/serving/cookie/match?party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8 HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8 HTTP 302
https://onetag-sys.com/sync/i,34/3440549415465493157

Request Chain 345

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc= HTTP 302
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

Request Chain 347

https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UP5afe8a81-b8e3-11eb-8c51-02086762126e HTTP 302
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UP5afe8a81-b8e3-11eb-8c51-02086762126e&verify=true HTTP 302
https://onetag-sys.com/sync/i,39/y-BP80LBhE2uFfooPp5y0Qe82wFzdq3EIZ~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e

Request Chain 348

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

Request Chain 349

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=onetag HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=2142492005603680179&ssp=onetag HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Request Chain 351

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/fa6160a5-7942-4900-9e7a-554b9daa8059

Request Chain 353

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1 HTTP 302
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEOU4G2gM2LeUYoVuAJad3IM&google_cver=1

Request Chain 355

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

Request Chain 356

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Donetag%26bsw_param%3D5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=697460a5-7942-4b00-812a-621aae1939bd&expires=30&ssp=onetag&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Request Chain 357

https://dmp.adform.net/serving/cookie/match?party=1167&cid=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw HTTP 302
https://onetag-sys.com/sync/i,34/5042875902258604398

Request Chain 359

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/186260a5-7942-4d00-bbcb-2a0ec7d5f926

Request Chain 361

https://dmp.adform.net/serving/cookie/match?party=1167&cid=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw HTTP 302
https://onetag-sys.com/sync/i,34/6579650495194658645

Request Chain 362

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1 HTTP 302
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEPRe9B73WWYp9BJdUG33LWY&google_cver=1

Request Chain 365

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

Request Chain 366

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://prod.perf-serving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://prod.perf-serving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://x.bidswitch.net/sync?dsp_id=366&expires=14&user_id=760001bf-14d1-4d32-b621-ce96c6a7d499&ssp=onetag&user_group=1 HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Request Chain 371

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D22%26buid%3DYOUR_USER_ID HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=22&buid=5453823890142117016

Request Chain 372

https://secure.adnxs.com/getuid?https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D86%26buid%3D$UID HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=86&buid=7479704688393846363

Request Chain 373

https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D66%26buid%3D%7Bamob_user_id%7D HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=66&buid=063f220400caa70d0d1a6570

Request Chain 374

https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D100%26buid%3D HTTP 302
https://eu-u.openx.net/w/1.0/cm?cc=1&id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D100%26buid%3D HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=100&buid=ab1e7290-038f-0458-09b2-e18fa3ddc3d8

Request Chain 376

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D22%26buid%3DYOUR_USER_ID HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=22&buid=7212106822793907025

Request Chain 377

https://secure.adnxs.com/getuid?https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D86%26buid%3D$UID HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=86&buid=7479704688393846363

Request Chain 378

https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D66%26buid%3D%7Bamob_user_id%7D HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=66&buid=063f2204003899af0e3c9359

Request Chain 379

https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D100%26buid%3D HTTP 302
https://eu-u.openx.net/w/1.0/cm?cc=1&id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D100%26buid%3D HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=100&buid=ab1e7290-038f-0458-09b2-e18fa3ddc3d8

Request Chain 380

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=7479704688393846363

Request Chain 381

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_7d91ccf3-113a-4ba6-9245-caf1d3d1c5db&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=1871597495218669069&expires=30&ssp=gumgum2 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=5cfeef4b-723b-40de-9192-57e1824db111

Request Chain 382

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28cbayAP1k69V_R_mp3c9UxcqwRZy_Xc0UxZv9FgZheV0YJVjZ3ZVZ6gcM0EQ3BwJT%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28cbayAP1k69V_R_mp3c9UxcqwRZy_Xc0UxZv9FgZheV0YJVjZ3ZVZ6gcM0EQ3BwJT%29

Request Chain 383

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=6ab331ba-8fa9-47eb-9308-871c43d40c46

Request Chain 384

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=sta&i=0-492c8f51-4a31-4894-5f67-11c4904e7c39$ip$196.247.180.148

Request Chain 385

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-7BskspZE2pdxMWXEsEV7ns.dfBAqexGnyBvd~A

Request Chain 386

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=5d908055-b8e3-11eb-bbb3-6fc354e27b3b

Request Chain 389

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_7d91ccf3-113a-4ba6-9245-caf1d3d1c5db&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://stags.bluekai.com/site/23178?id=Q3XbYZ4c42OMAwibqtu9&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UJTLBRFSWRUMM2DET2NIF3WSYTROR2TSJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UJTLBRFSWRUMM2DET2NIF3WSYTROR2TSJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Q3XbYZ4c42OMAwibqtu9&us_privacy=1---

Request Chain 390

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://rtb.gumgum.com/usersync?b=idi&i=f9029040-fe85-4749-8983-3fe6c009a583

Request Chain 391

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6389767606 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6389767606 HTTP 302
https://sync.1rx.io/usersync/tradedesk/a7d8e4f0-f248-4b00-b186-73db41d41199 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

Request Chain 392

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=RwzxRmVe7rho&ev=1&pid=558355

Request Chain 394

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=e90060a5-7942-4900-b282-6ef7eae0799b&gdpr=0&gdpr_consent=

Request Chain 395

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1SQA4 HTTP 302
https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQABKKz1SQA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1SQA4

Request Chain 399

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&t=1624049219

Request Chain 401

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf4QAAAAA

Request Chain 402

https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069

Request Chain 403

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1

Request Chain 404

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=7479704688393846363

Request Chain 405

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_c9e7e765-a800-4084-b844-7a1ed5431f25&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=1871597495218669069&expires=30&ssp=gumgum2 HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=5cfeef4b-723b-40de-9192-57e1824db111

Request Chain 407

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=6ab331ba-8fa9-47eb-9308-871c43d40c46

Request Chain 408

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=sta&i=0-745968ca-4578-4928-75cb-b8d6e7f61141$ip$196.247.180.148

Request Chain 409

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-1.N1Vq1E2pdUcMVCLZMqqalFyecpW1vophPL~A

Request Chain 410

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=5da60381-b8e3-11eb-b636-898e4fcc48fa

Request Chain 413

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_c9e7e765-a800-4084-b844-7a1ed5431f25&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://stags.bluekai.com/site/23178?id=g_wl7PS2nxhgb5Prckjl&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2Z27O5WDOUCTGJXHQ2DHMI2VA4TDNNVGYJTVONPXA4TJOZQWG6J5GEWS2LI&gdpr=0&us_privacy=1--- HTTP 302
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2Z27O5WDOUCTGJXHQ2DHMI2VA4TDNNVGYJTVONPXA4TJOZQWG6J5GEWS2LI HTTP 302
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=g_wl7PS2nxhgb5Prckjl&us_privacy=1---

Request Chain 414

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://rtb.gumgum.com/usersync?b=idi&i=f9029040-fe85-4749-8983-3fe6c009a583

Request Chain 415

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=221165185 HTTP 302
https://sync.1rx.io/usersync/tradedesk/3f521d63-e746-4606-ae3e-d8a522b908b6 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-e5e66d42-c860-4597-84d2-99d59423e3d2-003 HTTP 302
https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

Request Chain 416

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=MfgDaI1DlExb&ev=1&pid=558355

Request Chain 418

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=697460a5-7942-4b00-812a-621aae1939bd&gdpr=0&gdpr_consent=

Request Chain 419

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YKV5SQAA9JVCaQBg HTTP 302
https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQAA9JVCaQBg&gdpr=0&gdpr_consent=&_test=YKV5SQAA9JVCaQBg

Request Chain 423

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=290056e6-8a63-4737-af34-8e685a15573e&t=1624049219

Request Chain 425

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf8YAAAAA

Request Chain 426

https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069

Request Chain 427

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1

Request Chain 431

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEd25VN0JTdk1BQUN5VUNETExVZw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

Request Chain 432

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6964105731786274960

Request Chain 434

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=r7Dv-n4nQXmNjwLxThYHtA%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 435

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=186260a5-7942-4d00-bbcb-2a0ec7d5f926

Request Chain 436

https://pixel.onaudience.com/?partner=214&mapped=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=a7d8e4f0-f248-4b00-b186-73db41d41199&icm HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=d39e47efb47dcb6c803e331bcba37752 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=bfe74f50-db78-46e7-9f68-b8c91cb53622&icm HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=a0e9074257181905 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=d18604a1-70c8-411a-7a3f-2ca8dfc1072b&reqId=468a8e00-4738-4c1f-595b-a831438f292c&zcluid=a0e9074257181905&zdid=1332 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=d18604a1-70c8-411a-7a3f-2ca8dfc1072b&reqId=468a8e00-4738-4c1f-595b-a831438f292c&zcluid=a0e9074257181905&zdid=1332&google_tc= HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEHjtYLW4j7-mZ06eXrCsUaE&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=d18604a1-70c8-411a-7a3f-2ca8dfc1072b&reqId=468a8e00-4738-4c1f-595b-a831438f292c&zcluid=a0e9074257181905&zdid=1332

Request Chain 437

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUZCMEVGRkEtN0UyNy00MTc5LThEOEYtMDJGMTRFMTYwN0I0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 438

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFkV8FF4WQBOUjHEEerU6eA&google_cver=1

Request Chain 440

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&gdpr=0&gdpr_consent=

Request Chain 441

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5042875902258604398

Request Chain 442

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad

Request Chain 443

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7479704688393846363&gdpr=0&gdpr_consent=

Request Chain 445

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-QXl1bE9E2uW0HDwQtiKwIYwm2hI2Ehw-~A&gdpr=0&gdpr_consent=

Request Chain 446

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy

Request Chain 447

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=5cfeef4b-723b-40de-9192-57e1824db111 HTTP 302
https://x.bidswitch.net/sync?dsp_id=257&user_id=mk9cb99690-daf4-4436-b044-9d444755662c&expires=7&user_group=5&ssp=pubmatic&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=257&user_id=mk9cb99690-daf4-4436-b044-9d444755662c&expires=7&user_group=5&ssp=pubmatic&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2934fa37-3195-40b9-8d8e-e9aa38f5e743&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 448

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4256221538649928137&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 449

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YKV5SQABKKz1YAA4 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YKV5SQABKKz1YAA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1YAA4

Request Chain 450

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:1c9e9bd9-55f0-4a14-996c-d1a4b539dad6&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 463

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0

Request Chain 464

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003&rndcb=1120848124 HTTP 302
https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=adconductor&bds_param=5cfeef4b-723b-40de-9192-57e1824db111 HTTP 302
https://x.bidswitch.net/sync?dsp_id=340&user_id=a6e74313-f8b2-4a98-a58f-66cb0f63237c&expires=10&ssp=adconductor&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111 HTTP 302
https://sync.1rx.io/usersync/bidswitch/5cfeef4b-723b-40de-9192-57e1824db111?gdpr=&gdpr_consent= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-e5e66d42-c860-4597-84d2-99d59423e3d2-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

Request Chain 465

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=jsUeDaGrYMxo4NbiOwbNW1Zf

Request Chain 467

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 468

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%% HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=4bexkuCpOMgH&pid=557219

Request Chain 470

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6523c3e0-c2c4-4d45-9448-106b40bf60f6-tuct79efec9&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 471

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID} HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

Request Chain 472

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:2ielJict1LJt5T5&gdpr=0&gdpr_consent=

Request Chain 473

https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=RpmcI-JQTUx7Oc-dALF1U8T3tJQ

Request Chain 475

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:06CFA6EF7A634447A11B6139D95D7CA6

Request Chain 476

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&addseg=21

Request Chain 477

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 479

https://loadm.exelator.com/load/?p=204&g=71&buid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=0&gdpr_consent=&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=71&buid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=0&gdpr_consent=&j=0&xl8blockcheck=1

Request Chain 480

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

Request Chain 481

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA%3D%26piggybackCookie%3D%24UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3025894784023171278

Request Chain 482

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_c9e7e765-a800-4084-b844-7a1ed5431f25

Request Chain 483

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=5db93de4-b8e3-11eb-ba32-a5ffe5b97bb0&gdpr=0&gdpr_consent=

484 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.irctc.co.in/nget/
Redirect Chain

http://irctc.co.in/
https://irctc.co.in/
https://www.irctc.co.in/nget/

8 KB
3 KB

771ms
191ms

Document
text/html

103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/nget/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

c273a20005937ca693fc9afebf33474f504712d1150b185c236d6f6826ef0d96

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.irctc.co.in
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx
Date: Wed, 19 May 2021 20:46:46 GMT
Content-Type: text/html
ntCoent-Length: 8401
Last-Modified: Wed, 19 May 2021 14:11:27 GMT
Connection: keep-alive
ETag: "60a51c8f-20d1"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 2769

Redirect headers

Location: https://www.irctc.co.in/nget/
Connection: close
Cache-Control: no-cache
Pragma: no-cache

GET
H2 200 6xKtdSZaM9iE8KbpRA_hJVQNcOM.woff2
fonts.gstatic.com/s/quicksand/v7/ 18 KB
18 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/quicksand/v7/6xKtdSZaM9iE8KbpRA_hJVQNcOM.woff2

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ed8e43c88fcddea19fc1ca953fa736916195f311463ed76b23bcf0a6254f1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 08:17:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 10 Oct 2017 23:17:59 GMT
server: sffe
age: 131350
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18704
x-xss-protection: 0
expires: Wed, 18 May 2022 08:17:36 GMT

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
18 KB 19ms
17ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:46 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 2300144
cdn-cachedat: 2021-04-23 07:41:57
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0a27fa963200002be98194f000000001
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: a4d6ed28319351ba2a289260b476c923
cf-ray: 65202d36bf392be9-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 primeng.min.css
cdn.jsdelivr.net/npm/primeng@9.0.5/resources/ 82 KB
13 KB 9ms
7ms Stylesheet
text/css 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/primeng@9.0.5/resources/primeng.min.css

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4dc56c750713f32eca2279a7c5f231687bad8a0e061163190467c8b233f48075

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 2582542
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 13600
etag: W/"148d2-QCOPsMfgB3Gv5lC5cCFW7GJ/W5A"
x-served-by: cache-fra19182-FRA, cache-hhn4033-HHN
date: Wed, 19 May 2021 20:46:46 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 theme.css
cdn.jsdelivr.net/npm/primeng@9.0.5/resources/themes/nova-light/ 122 KB
11 KB 10ms
8ms Stylesheet
text/css 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/primeng@9.0.5/resources/themes/nova-light/theme.css

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

cff247c4d6c20697eb3565e8cdce376842e41201d0e7a571e3649d1e92f7ed39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 1790987
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 10972
etag: W/"1e656-GK4wGRb8W39oFMuC7UrLwsPQWdk"
x-served-by: cache-fra19169-FRA, cache-hhn4033-HHN
date: Wed, 19 May 2021 20:46:46 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 font-awesome.min.css
cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/ 30 KB
7 KB 7ms
6ms Stylesheet
text/css 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 7229551
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 7055
etag: W/"7918-USx9eQM+MCipvmG1QM8aaHDIlvg"
x-served-by: cache-fra19131-FRA, cache-hhn4033-HHN
date: Wed, 19 May 2021 20:46:46 GMT
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad35eab5d65725ea3bc3743e3497bae5800e47a8e6fab22dcd9f8a31c947f69e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "877 / 816 of 1000 / last-modified: 1621442467"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21352
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:46 GMT

GET
H2 200 da004191678d8e062dab7ecdea625a5251b9dfde.js Show response
cdn.truenotify.co.in/scripts/ 6 KB
2 KB 47ms
14ms Script
application/javascript 2606:4700::6812:1275
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.truenotify.co.in/scripts/da004191678d8e062dab7ecdea625a5251b9dfde.js

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1275 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd2ab55f0c3f815827b29222e282e6d787daa928e68505f03f891d2ab5718d03

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:46 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 485102
last-modified: Sun, 21 Mar 2021 12:57:58 GMT
cf-request-id: 0a27fa965200004a569d308000000001
cf-bgj: minify
server: cloudflare
etag: W/"605742d6-1981"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=691200
cf-ray: 65202d36ee374a56-FRA
expires: Thu, 27 May 2021 20:46:46 GMT

GET
H/1.1 200
OK styles.d4913679e40f1ab09f01.css
www.irctc.co.in/nget/ 94 KB
24 KB 197ms
196ms Stylesheet
text/css 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

daf38b5d72169883de2e4eed3beffe528148c1b6335c808595ec7b69d97f6deb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.irctc.co.in/nget/
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cteonnt-Length: 95757
Date: Wed, 19 May 2021 20:46:46 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 May 2021 14:10:37 GMT
Server: nginx
ETag: "60a51c5d-1760d"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK runtime-es2015.d6fd16e2adcf90c6e0d9.js Show response
www.irctc.co.in/nget/ 2 KB
2 KB 562ms
194ms Script
application/javascript 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/nget/runtime-es2015.d6fd16e2adcf90c6e0d9.js

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

bfb107f4801aa4969678fc9bad4453da1e12e2f66b37a7d8281db13c36b52d1e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.irctc.co.in
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.irctc.co.in/nget/
Connection: keep-alive
Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/nget/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cteonnt-Length: 2431
Date: Wed, 19 May 2021 20:46:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 May 2021 14:10:41 GMT
Server: nginx
ETag: "60a51c61-97f"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1268

GET
H/1.1 200
OK polyfills-es2015.40cfe05d9af70a574859.js Show response
www.irctc.co.in/nget/ 51 KB
19 KB 759ms
197ms Script
application/javascript 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

4556324e0a6e2cd98c09f32a39834d14e1136fe5d8e06ba1f09220cbaf42c0fc

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.irctc.co.in
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.irctc.co.in/nget/
Connection: keep-alive
Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/nget/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cteonnt-Length: 52517
Date: Wed, 19 May 2021 20:46:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 May 2021 14:10:42 GMT
Server: nginx
ETag: "60a51c62-cd25"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18659

GET
H/1.1 200
OK main-es2015.a0b1e3d4001754a85557.js Show response
www.irctc.co.in/nget/ 1 MB
387 KB 775ms
195ms Script
application/javascript 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/nget/main-es2015.a0b1e3d4001754a85557.js

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

17b95caabc7f4cac62354765f40a304134dd0b09353b0b09619ecfbddcd48fa1

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.irctc.co.in
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://www.irctc.co.in/nget/
Connection: keep-alive
Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/nget/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cteonnt-Length: 1446580
Date: Wed, 19 May 2021 20:46:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 May 2021 14:11:24 GMT
Server: nginx
ETag: "60a51c8c-1612b4"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes

GET
H2 200 izooto.js Show response
cdn.izooto.com/scripts/sdk/ 165 KB
40 KB 52ms
28ms Script
application/javascript 2606:4700::6812:d941
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/sdk/izooto.js

Requested by

Host: cdn.truenotify.co.in
URL: https://cdn.truenotify.co.in/scripts/da004191678d8e062dab7ecdea625a5251b9dfde.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8edcae1fb5a74e032763e7fdf6d3d6955e781a9f2ae6ef0d584c26020f8703be

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 17 May 2021 10:19:26 GMT
server: cloudflare
age: 210380
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: public, max-age=691200
expires: Thu, 27 May 2021 20:46:46 GMT
cf-ray: 65202d3729da4e14-FRA
cf-request-id: 0a27fa967c00004e14962f2000000001
cf-bgj: minify

GET
H2 200 pubads_impl_2021051301.js Show response
securepubads.g.doubleclick.net/gpt/ 306 KB
108 KB 183ms
58ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

4bdcba71062ad849da6c41bb9130977f59af71c1b82e4c397b193469ece62ad6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 May 2021 08:39:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110161
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:47 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4611
date: Wed, 19 May 2021 19:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Wed, 19 May 2021 21:29:56 GMT

GET
H/1.1 200
OK labels_en.json Show response
www.irctc.co.in/nget/assets/json/ 83 KB
31 KB 194ms
194ms XHR
application/json 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/nget/assets/json/labels_en.json

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

cb4fc7d329d51bbc323acde6a4e077fb3352be9bd5101796d12e91faf105a1d2

Security Headers

Name

Value

Content-Security-Policy

default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ib.adnxs.com/ut/v3/prebid https://rtb2.automatad.com/ortb2/resp https://dmx.districtm.io/b/v1 https://ap.lijit.com https://adserver-us.adtech.advertising.com https://fonts.googleapis.com https://ad.doubleclick.net https://cdnjs.cloudflare.com https://b2cdn.automatad.com https://cdn.ampproject.org https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://assistant.corover.mobi https://go.automatad.com https://www.googletagmanager.com https://uiresource.blob.core.windows.net https://www.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com http://irctclive.nlpcaptcha.in https://www.googletagservices.com https://*.google.co.in https://*.google.com https://cbpssubscriber.mygov.in https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net;img-src 'self' https://*.google.co.in https://*.google.com;font-src 'self';prefetch-src 'self' https://*safeframe.googlesyndication.com;object-src 'none'

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://www.irctc.co.in/nget/
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207
Connection: keep-alive
Accept: application/json, text/plain, */*
Referer: https://www.irctc.co.in/nget/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cteonnt-Length: 85495
Date: Wed, 19 May 2021 20:46:49 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 May 2021 14:11:27 GMT
Server: nginx
ETag: "60a51c8f-14df7"
Transfer-Encoding: chunked
Content-Type: application/json
Cache-Control: private
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ib.adnxs.com/ut/v3/prebid https://rtb2.automatad.com/ortb2/resp https://dmx.districtm.io/b/v1 https://ap.lijit.com https://adserver-us.adtech.advertising.com https://fonts.googleapis.com https://ad.doubleclick.net https://cdnjs.cloudflare.com https://b2cdn.automatad.com https://cdn.ampproject.org https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://assistant.corover.mobi https://go.automatad.com https://www.googletagmanager.com https://uiresource.blob.core.windows.net https://www.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com http://irctclive.nlpcaptcha.in https://www.googletagservices.com https://*.google.co.in https://*.google.com https://cbpssubscriber.mygov.in https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net;img-src 'self' https://*.google.co.in https://*.google.com;font-src 'self';prefetch-src 'self' https://*safeframe.googlesyndication.com;object-src 'none'
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK errorMessage_en.json Show response
www.irctc.co.in/nget/assets/json/ 34 KB
11 KB 196ms
195ms XHR
application/json 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/nget/assets/json/errorMessage_en.json

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

682ecc95209fcac7d195c3eeadc180c38a51fe9205628fac34a5ccba28a5b7bb

Security Headers

Name

Value

Content-Security-Policy

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Sec-Fetch-Dest: empty
Referer: https://www.irctc.co.in/nget/
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207
Connection: keep-alive
Accept: application/json, text/plain, */*
Referer: https://www.irctc.co.in/nget/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cteonnt-Length: 34661
Date: Wed, 19 May 2021 20:46:49 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 May 2021 14:11:27 GMT
Server: nginx
ETag: "60a51c8f-8765"
Content-Type: application/json
Cache-Control: private
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ib.adnxs.com/ut/v3/prebid https://rtb2.automatad.com/ortb2/resp https://dmx.districtm.io/b/v1 https://ap.lijit.com https://adserver-us.adtech.advertising.com https://fonts.googleapis.com https://ad.doubleclick.net https://cdnjs.cloudflare.com https://b2cdn.automatad.com https://cdn.ampproject.org https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://assistant.corover.mobi https://go.automatad.com https://www.googletagmanager.com https://uiresource.blob.core.windows.net https://www.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com http://irctclive.nlpcaptcha.in https://www.googletagservices.com https://*.google.co.in https://*.google.com https://cbpssubscriber.mygov.in https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net;img-src 'self' https://*.google.co.in https://*.google.com;font-src 'self';prefetch-src 'self' https://*safeframe.googlesyndication.com;object-src 'none'
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9416

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 954 B
705 B 20ms
20ms Script
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/main-es2015.a0b1e3d4001754a85557.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0fe057700147bf7539a0c065847ccbbb80e4e573dbafe7e7eecb19fc94f1f289

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 613
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:49 GMT

GET StationLinguisticNames
www.irctc.co.in/eticketing/ 0
0

GET
H/1.1 200
OK Cookie set 1621457209027 Show response
www.irctc.co.in/eticketing/protected/profile/numberToText/ 3 B
2 KB 203ms
203ms XHR
text/plain 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/eticketing/protected/profile/numberToText/1621457209027

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

2ac878b0e2180616993b4b6aa71e61166fdc86c28d47e359d0ee537eb11d46d3

Security Headers

Name

Value

Content-Security-Policy

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
greq: 1621457208997
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207
Connection: keep-alive
Pragma: no-cache
Host: www.irctc.co.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Language: en
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://www.irctc.co.in/nget/train-search
Sec-Fetch-Site: same-origin
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/plain, */*
Referer: https://www.irctc.co.in/nget/train-search
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
greq: 1621457208997
Content-Language: en

Response headers

X-Request-For: be677404
Date: Wed, 19 May 2021 20:46:49 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/plain
Cache-Control: private
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ib.adnxs.com/ut/v3/prebid https://rtb2.automatad.com/ortb2/resp https://dmx.districtm.io/b/v1 https://ap.lijit.com https://adserver-us.adtech.advertising.com https://fonts.googleapis.com https://ad.doubleclick.net https://cdnjs.cloudflare.com https://b2cdn.automatad.com https://cdn.ampproject.org https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://assistant.corover.mobi https://go.automatad.com https://www.googletagmanager.com https://uiresource.blob.core.windows.net https://www.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com http://irctclive.nlpcaptcha.in https://www.googletagservices.com https://*.google.co.in https://*.google.com https://cbpssubscriber.mygov.in https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net;img-src 'self' https://*.google.co.in https://*.google.com;font-src 'self';prefetch-src 'self' https://*safeframe.googlesyndication.com;object-src 'none'
Set-Cookie: JSESSIONID=DuKGYYcyeCHSIsbfND0NhtKjgik86esomlXnMfq81KtdH6P1YZkB!-594700631; SameSite=None; Secure; path=/; HttpOnly et_app=4c74a34c8787aeff5e12a8a5089e43fcb6cabcbcaf734c83072af071714384b95fa1f251;SameSite=None; Secure; path=/;httponly

GET
H/1.1 200
OK Cookie set newsandalert Show response
www.irctc.co.in/eticketing/webservices/taenqservices/ 14 KB
7 KB 310ms
196ms XHR
application/json 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/eticketing/webservices/taenqservices/newsandalert

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

fc0f005ccc24ffbf3e9a28e80c654ec09f958f2240b024e2b68152f303366d64

Security Headers

Name

Value

Content-Security-Policy

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
greq: 1621457208997
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207
Connection: keep-alive
Pragma: no-cache
Host: www.irctc.co.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Language: en
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://www.irctc.co.in/nget/train-search
Sec-Fetch-Site: same-origin
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/plain, */*
Referer: https://www.irctc.co.in/nget/train-search
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
greq: 1621457208997
Content-Language: en

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:49 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/json
Cache-Control: no-cache, no-store, must-revalidate,max-age=0
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ib.adnxs.com/ut/v3/prebid https://rtb2.automatad.com/ortb2/resp https://dmx.districtm.io/b/v1 https://ap.lijit.com https://adserver-us.adtech.advertising.com https://fonts.googleapis.com https://ad.doubleclick.net https://cdnjs.cloudflare.com https://b2cdn.automatad.com https://cdn.ampproject.org https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://assistant.corover.mobi https://go.automatad.com https://www.googletagmanager.com https://uiresource.blob.core.windows.net https://www.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com http://irctclive.nlpcaptcha.in https://www.googletagservices.com https://*.google.co.in https://*.google.com https://cbpssubscriber.mygov.in https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net;img-src 'self' https://*.google.co.in https://*.google.com;font-src 'self';prefetch-src 'self' https://*safeframe.googlesyndication.com;object-src 'none'
Set-Cookie: JSESSIONID=mm2GYYfhP4EuzWSsWK_Ne8jy4xoDZudzZYsjIEWPXlf6wmbV6UyO!889053864; SameSite=None; Secure; path=/; HttpOnly et_app=28daa36b56307c9193d7294d8cb0ad8e98e95474ae6f2d5303d51bb1e29b5e3e3b14fa17;SameSite=None; Secure; path=/;httponly
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK Cookie set country Show response
www.irctc.co.in/eticketing/protected/mapps1/ 15 KB
5 KB 344ms
207ms XHR
application/json 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/eticketing/protected/mapps1/country

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

1f714b5ce2002eef373b9fcdc8e5c391bcb360cf19f7ff7b4d41e14b3d948a47

Security Headers

Name

Value

Content-Security-Policy

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
greq: 1621457208997
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207
Connection: keep-alive
Pragma: no-cache
Host: www.irctc.co.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Language: en
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://www.irctc.co.in/nget/train-search
Sec-Fetch-Site: same-origin
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/plain, */*
Referer: https://www.irctc.co.in/nget/train-search
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
greq: 1621457208997
Content-Language: en

Response headers

X-Request-For: 3a05ac8f
Date: Wed, 19 May 2021 20:46:49 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: application/json
Cache-Control: private
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ib.adnxs.com/ut/v3/prebid https://rtb2.automatad.com/ortb2/resp https://dmx.districtm.io/b/v1 https://ap.lijit.com https://adserver-us.adtech.advertising.com https://fonts.googleapis.com https://ad.doubleclick.net https://cdnjs.cloudflare.com https://b2cdn.automatad.com https://cdn.ampproject.org https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://assistant.corover.mobi https://go.automatad.com https://www.googletagmanager.com https://uiresource.blob.core.windows.net https://www.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com http://irctclive.nlpcaptcha.in https://www.googletagservices.com https://*.google.co.in https://*.google.com https://cbpssubscriber.mygov.in https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net;img-src 'self' https://*.google.co.in https://*.google.com;font-src 'self';prefetch-src 'self' https://*safeframe.googlesyndication.com;object-src 'none'
Set-Cookie: JSESSIONID=jkCGYYgE1zBazW_bA1v5UPNxfiX1ardbIHkppttKnWZLpkfl_945!2115200557; SameSite=None; Secure; path=/; HttpOnly et_app=7dbaa394ebf91bfd1afab57536c67f738984ae36c80b66c08c5c944195fadb34a7a56f05;SameSite=None; Secure; path=/;httponly

GET
H/1.1 200
OK Cookie set StationLinguisticNames Show response
www.irctc.co.in/eticketing/ 367 KB
129 KB 492ms
197ms XHR
application/javascript 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/eticketing/StationLinguisticNames?hl=en_hi

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

0865528c771ae6033630bd8e6c1b60249d79e53f92339ea20d1b6f389e2b4cfc

Security Headers

Name

Value

Content-Security-Policy

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
greq: 1621457208997
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207
Connection: keep-alive
Pragma: no-cache
Host: www.irctc.co.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Language: en
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://www.irctc.co.in/nget/train-search
Sec-Fetch-Site: same-origin
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/plain, */*
Referer: https://www.irctc.co.in/nget/train-search
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
greq: 1621457208997
Content-Language: en

Response headers

Date: Wed, 19 May 2021 20:46:49 GMT
Content-Encoding: gzip
Server: nginx
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ib.adnxs.com/ut/v3/prebid https://rtb2.automatad.com/ortb2/resp https://dmx.districtm.io/b/v1 https://ap.lijit.com https://adserver-us.adtech.advertising.com https://fonts.googleapis.com https://ad.doubleclick.net https://cdnjs.cloudflare.com https://b2cdn.automatad.com https://cdn.ampproject.org https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://assistant.corover.mobi https://go.automatad.com https://www.googletagmanager.com https://uiresource.blob.core.windows.net https://www.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com http://irctclive.nlpcaptcha.in https://www.googletagservices.com https://*.google.co.in https://*.google.com https://cbpssubscriber.mygov.in https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net;img-src 'self' https://*.google.co.in https://*.google.com;font-src 'self';prefetch-src 'self' https://*safeframe.googlesyndication.com;object-src 'none'
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=UTF-8
Set-Cookie: et_app=3f0da3836fcf3cc6ea5cc8a8daa2a51d634be71747103736a9ca759f5dd611a39ecd038b;SameSite=None; Secure; path=/;httponly
Cache-Control: max-age=21600
Content-Disposition: filename="StationLinguisticNames_en_hi.js"
Connection: keep-alive

GET
H/1.1 200
OK Koo.png
www.irctc.co.in/nget/assets/images/ 225 KB
226 KB 274ms
197ms Image
image/png 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irctc.co.in/nget/assets/images/Koo.png

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/train-search

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

54adb54e48c6d647681133688f66c9f6e95161f53b58397851841cf352c9c62a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.irctc.co.in/nget/train-search
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; JSESSIONID=jkCGYYgE1zBazW_bA1v5UPNxfiX1ardbIHkppttKnWZLpkfl_945!2115200557; et_app=3f0da3836fcf3cc6ea5cc8a8daa2a51d634be71747103736a9ca759f5dd611a39ecd038b
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/train-search
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:50 GMT
Last-Modified: Wed, 19 May 2021 14:11:27 GMT
Server: nginx
ETag: "60a51c8f-3856a"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 230762

GET
H/1.1 200
OK checkBox.8cf423073e71167979b5.jpg
www.irctc.co.in/nget/ 688 B
989 B 637ms
192ms Image
image/jpeg 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irctc.co.in/nget/checkBox.8cf423073e71167979b5.jpg

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

74d955fc1fabc21de7667611927dae6d60804e5696684359564d897970095203

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; et_app=5300a3ac287157ddc839fd0c6cae7566d325035f0df38d1387c34284ed00eda0b3719f3d
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:49 GMT
Last-Modified: Wed, 19 May 2021 14:10:37 GMT
Server: nginx
ETag: "60a51c5d-2b0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 688

GET
H/1.1 200
OK home_page_banner1.b233d37e7fc8266ecd46.jpg
www.irctc.co.in/nget/ 1017 KB
1017 KB 380ms
199ms Image
image/jpeg 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irctc.co.in/nget/home_page_banner1.b233d37e7fc8266ecd46.jpg

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

cf968d97557bd0f7dbbb4d6ed7253a1b3f8370c9f9a0cb83d259f153f02afca8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; et_app=5300a3ac287157ddc839fd0c6cae7566d325035f0df38d1387c34284ed00eda0b3719f3d
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:49 GMT
Last-Modified: Wed, 19 May 2021 14:10:37 GMT
Server: nginx
ETag: "60a51c5d-fe4b4"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1041588

GET
H/1.1 200
OK css-sprite-combined1.11356089c173c53adec9.png
www.irctc.co.in/nget/ 35 KB
35 KB 407ms
197ms Image
image/png 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irctc.co.in/nget/css-sprite-combined1.11356089c173c53adec9.png

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

88d6097c7ba2f13047bedd278df6f7a530352beb534af2f3d94cd712f0711eb9

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; et_app=5300a3ac287157ddc839fd0c6cae7566d325035f0df38d1387c34284ed00eda0b3719f3d
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:49 GMT
Last-Modified: Wed, 19 May 2021 14:10:37 GMT
Server: nginx
ETag: "60a51c5d-8bd3"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35795

GET
H2 200 fontawesome-webfont.woff2
cdn.jsdelivr.net/npm/font-awesome@4.7.0/fonts/ 75 KB
76 KB 7ms
6ms Font
font/woff2 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.irctc.co.in
Referer: https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
age: 8545655
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 77160
etag: W/"12d68-1vSMun0Hb7by/Wupk6dbncHsvww"
x-served-by: cache-fra19174-FRA, cache-hhn4033-HHN
date: Wed, 19 May 2021 20:46:49 GMT
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK primeicons.04701ca33ce96d325419.ttf
www.irctc.co.in/nget/ 39 KB
18 KB 205ms
197ms Font
application/octet-stream 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/nget/primeicons.04701ca33ce96d325419.ttf

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

38fa9ef0a9b1bfed89c84a815e2f827a690dd92cbdcda7a4f74f2020ccd9d7f3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.irctc.co.in
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207
Connection: keep-alive
Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/nget/styles.d4913679e40f1ab09f01.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cteonnt-Length: 39572
Date: Wed, 19 May 2021 20:46:49 GMT
Content-Encoding: gzip
Last-Modified: Wed, 19 May 2021 14:10:37 GMT
Server: nginx
ETag: "60a51c5d-9a94"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: private
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17726

GET
H/1.1 200
OK secondry-logo.png
www.irctc.co.in/nget/assets/images/ 8 KB
8 KB 744ms
196ms Image
image/png 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irctc.co.in/nget/assets/images/secondry-logo.png

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/train-search

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

713c0ddf971e8d7b4930ec949704e93d662f48604f3813b0ebe83fb94032ecd2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.irctc.co.in/nget/train-search
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; JSESSIONID=DuKGYYcyeCHSIsbfND0NhtKjgik86esomlXnMfq81KtdH6P1YZkB!-594700631; et_app=4c74a34c8787aeff5e12a8a5089e43fcb6cabcbcaf734c83072af071714384b95fa1f251
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/train-search
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:49 GMT
Last-Modified: Wed, 19 May 2021 14:11:27 GMT
Server: nginx
ETag: "60a51c8f-1ee4"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7908

GET
H/1.1 200
OK logo.png
www.irctc.co.in/nget/assets/images/ 6 KB
6 KB 841ms
192ms Image
image/png 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irctc.co.in/nget/assets/images/logo.png

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/train-search

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

4a1dd8d5a99e4b6aa04aa0fefad87b3f7afada5b3e62ff80d4a889a9a6c155b2

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.irctc.co.in/nget/train-search
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; JSESSIONID=DuKGYYcyeCHSIsbfND0NhtKjgik86esomlXnMfq81KtdH6P1YZkB!-594700631; et_app=4c74a34c8787aeff5e12a8a5089e43fcb6cabcbcaf734c83072af071714384b95fa1f251
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/train-search
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:50 GMT
Last-Modified: Wed, 19 May 2021 14:11:27 GMT
Server: nginx
ETag: "60a51c8f-17a8"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6056

GET
H/1.1 200
OK chart.png
www.irctc.co.in/nget/assets/images/icons/ 529 B
829 B 775ms
194ms Image
image/png 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irctc.co.in/nget/assets/images/icons/chart.png

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/train-search

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

3e28e41cd6f9508da61a47f99e199d779b9ced82e3f7ef4788ffed2f0b4e7967

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.irctc.co.in/nget/train-search
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; JSESSIONID=DuKGYYcyeCHSIsbfND0NhtKjgik86esomlXnMfq81KtdH6P1YZkB!-594700631; et_app=4c74a34c8787aeff5e12a8a5089e43fcb6cabcbcaf734c83072af071714384b95fa1f251
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/train-search
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:49 GMT
Last-Modified: Wed, 19 May 2021 14:11:27 GMT
Server: nginx
ETag: "60a51c8f-211"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 529

GET
H/1.1 200
OK pnr.png
www.irctc.co.in/nget/assets/images/icons/ 396 B
696 B 726ms
196ms Image
image/png 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.irctc.co.in/nget/assets/images/icons/pnr.png

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/train-search

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

276e9a0fb6373b681060de84821df4c64e55c292a6dc37e9891f9889efc47598

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.irctc.co.in
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.irctc.co.in/nget/train-search
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; JSESSIONID=DuKGYYcyeCHSIsbfND0NhtKjgik86esomlXnMfq81KtdH6P1YZkB!-594700631; et_app=4c74a34c8787aeff5e12a8a5089e43fcb6cabcbcaf734c83072af071714384b95fa1f251
Connection: keep-alive
Referer: https://www.irctc.co.in/nget/train-search
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:49 GMT
Last-Modified: Wed, 19 May 2021 14:11:27 GMT
Server: nginx
ETag: "60a51c8f-18c"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-control: public, max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 396

GET
H3-29 200 api.js Show response
www.google.com/recaptcha/ 908 B
596 B 16ms
15ms Script
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&onload=initRecaptcha

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/main-es2015.a0b1e3d4001754a85557.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fa29c173adfc834999cb48bd87edbde6359640538006567a662bd55ec11406ab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 575
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:49 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ 335 KB
131 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee8f2a6ea8c02259b3f4d068d0607f92ba9cd2a6f06d915ca317b75a39676932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.irctc.co.in
Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5972
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134136
x-xss-protection: 0
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 May 2022 19:07:17 GMT

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame FAC1 38 KB
19 KB 32ms
32ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=yf0zz3iore5s

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

87101792ede1eac8fe7244d22e4fbe4bf105f893fba3a0e2cdae30b51b1fae09

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-YJUREyZcDdOeQ2IoYzHGng' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=yf0zz3iore5s
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.irctc.co.in/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 May 2021 20:46:49 GMT
content-security-policy: script-src 'report-sample' 'nonce-YJUREyZcDdOeQ2IoYzHGng' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19356
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame BE25 38 KB
19 KB 43ms
43ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=e5b9hnpt2luh

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d40844db077cf9c3e60dec631716ee4ae1299fdb432bd3a21f18196fa59276d7

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9/xKQmunNX1EUqAwG1rWiw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=e5b9hnpt2luh
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.irctc.co.in/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 May 2021 20:46:49 GMT
content-security-policy: script-src 'report-sample' 'nonce-9/xKQmunNX1EUqAwG1rWiw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19208
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 8715 38 KB
19 KB 71ms
71ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=q3uy7duww8e3

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6ac9a9e3e04d6653f145649145db4bfa9bdcec85c8625459b975894fd42043d5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-k4SByYcbH7nWmEyJBDEV5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=q3uy7duww8e3
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.irctc.co.in/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 May 2021 20:46:49 GMT
content-security-policy: script-src 'report-sample' 'nonce-k4SByYcbH7nWmEyJBDEV5w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19260
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 0961 37 KB
19 KB 27ms
27ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

28549f53cbe4dfb25ff33fc47765fefa219b01f6d880a75feec968d8b74f9cab

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-JQ8NT+TK1G3q4xHaJxEaWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.irctc.co.in/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 19 May 2021 20:46:49 GMT
content-security-policy: script-src 'report-sample' 'nonce-JQ8NT+TK1G3q4xHaJxEaWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 19130
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ Frame FAC1 51 KB
25 KB 15ms
13ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=yf0zz3iore5s

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94b328f86382cda7d83cebb40ee8dd8f567582a60ba91a90a37f490b0f0edefa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:29:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
age: 1047
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25722
x-xss-protection: 0
expires: Thu, 19 May 2022 20:29:22 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ Frame FAC1 335 KB
131 KB 30ms
28ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee8f2a6ea8c02259b3f4d068d0607f92ba9cd2a6f06d915ca317b75a39676932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:34:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4345
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134136
x-xss-protection: 0
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 May 2022 19:34:24 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ Frame 0961 51 KB
25 KB 18ms
17ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94b328f86382cda7d83cebb40ee8dd8f567582a60ba91a90a37f490b0f0edefa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:29:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
age: 1047
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25722
x-xss-protection: 0
expires: Thu, 19 May 2022 20:29:22 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ Frame 0961 335 KB
131 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee8f2a6ea8c02259b3f4d068d0607f92ba9cd2a6f06d915ca317b75a39676932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:34:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4345
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134136
x-xss-protection: 0
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 May 2022 19:34:24 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ Frame BE25 51 KB
25 KB 19ms
19ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94b328f86382cda7d83cebb40ee8dd8f567582a60ba91a90a37f490b0f0edefa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:29:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
age: 1047
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25722
x-xss-protection: 0
expires: Thu, 19 May 2022 20:29:22 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ Frame BE25 335 KB
131 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee8f2a6ea8c02259b3f4d068d0607f92ba9cd2a6f06d915ca317b75a39676932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:34:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4345
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134136
x-xss-protection: 0
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 May 2022 19:34:24 GMT

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ Frame 8715 51 KB
25 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94b328f86382cda7d83cebb40ee8dd8f567582a60ba91a90a37f490b0f0edefa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:29:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
age: 1047
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25722
x-xss-protection: 0
expires: Thu, 19 May 2022 20:29:22 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/ Frame 8715 335 KB
131 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee8f2a6ea8c02259b3f4d068d0607f92ba9cd2a6f06d915ca317b75a39676932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:34:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4345
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 134136
x-xss-protection: 0
last-modified: Tue, 11 May 2021 21:19:12 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 May 2022 19:34:24 GMT

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame FAC1 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 537080
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Thu, 20 May 2021 15:35:29 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FAC1 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 06:54:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 395565
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sun, 15 May 2022 06:54:04 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame FAC1 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 23:58:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
age: 593294
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
expires: Thu, 12 May 2022 23:58:35 GMT

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 0961 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 537080
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Thu, 20 May 2021 15:35:29 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0961 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 06:54:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 395565
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sun, 15 May 2022 06:54:04 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0961 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 23:58:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
age: 593294
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
expires: Thu, 12 May 2022 23:58:35 GMT

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame BE25 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 537080
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Thu, 20 May 2021 15:35:29 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BE25 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 06:54:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 395565
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sun, 15 May 2022 06:54:04 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BE25 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 23:58:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
age: 593294
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
expires: Thu, 12 May 2022 23:58:35 GMT

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 8715 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 537080
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Thu, 20 May 2021 15:35:29 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8715 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 15 May 2021 06:54:04 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 395565
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
expires: Sun, 15 May 2022 06:54:04 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8715 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 12 May 2021 23:58:35 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
age: 593294
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
expires: Thu, 12 May 2022 23:58:35 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame FAC1 102 B
132 B 15ms
15ms Other
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=f-bnnOuahiYKuei7dmAd3kgv

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1fb0140eac079c8f8cc4df2380db9cf976d01b110e68e3924d5dbee0c54bc430

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=yf0zz3iore5s
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:49 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 0961 102 B
132 B 16ms
16ms Other
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=f-bnnOuahiYKuei7dmAd3kgv

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1fb0140eac079c8f8cc4df2380db9cf976d01b110e68e3924d5dbee0c54bc430

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:49 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame BE25 102 B
132 B 16ms
16ms Other
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=f-bnnOuahiYKuei7dmAd3kgv

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1fb0140eac079c8f8cc4df2380db9cf976d01b110e68e3924d5dbee0c54bc430

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=e5b9hnpt2luh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:49 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame 8715 102 B
132 B 18ms
18ms Other
text/javascript 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=f-bnnOuahiYKuei7dmAd3kgv

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1fb0140eac079c8f8cc4df2380db9cf976d01b110e68e3924d5dbee0c54bc430

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=q3uy7duww8e3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:49 GMT

POST
H3-29 200 reload Show response
www.google.com/recaptcha/api2/ Frame 0961 28 KB
16 KB 54ms
54ms XHR
application/json 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

36df4f7844b66a333259c67ac35e64f5c0820615434ba4949f404df24e61f295

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Wed, 19 May 2021 20:46:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16229
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:50 GMT

GET
H/1.1 200
OK StationLinguisticNames Show response
www.irctc.co.in/eticketing/ 2 KB
2 KB 202ms
201ms XHR
application/javascript 103.252.142.18
CRIS-ND-21-IN Cen...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.irctc.co.in/eticketing/StationLinguisticNames?hl=popular_en

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

103.252.142.18 , India, ASN45596 (CRIS-ND-21-IN Centre For Railway Information Systems, IN),

Reverse DNS

Software

nginx /

Resource Hash

a312d2f0d58bf0f21f3faf9f7af6c9896ea1a53c0a924589a1463da9fae23743

Security Headers

Name

Value

Content-Security-Policy

Request headers

Sec-Fetch-Mode: cors
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
greq: 1621457208997
Sec-Fetch-Dest: empty
Cookie: _ga=GA1.3.1232543964.1621457207; _gid=GA1.3.2012370895.1621457207; JSESSIONID=jkCGYYgE1zBazW_bA1v5UPNxfiX1ardbIHkppttKnWZLpkfl_945!2115200557; et_app=3f0da3836fcf3cc6ea5cc8a8daa2a51d634be71747103736a9ca759f5dd611a39ecd038b
Connection: keep-alive
Pragma: no-cache
Host: www.irctc.co.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Language: en
Accept: application/json, text/plain, */*
Cache-Control: no-cache
Referer: https://www.irctc.co.in/nget/train-search
Sec-Fetch-Site: same-origin
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/plain, */*
Referer: https://www.irctc.co.in/nget/train-search
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
greq: 1621457208997
Content-Language: en

Response headers

Date: Wed, 19 May 2021 20:46:50 GMT
Content-Encoding: gzip
Server: nginx
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ib.adnxs.com/ut/v3/prebid https://rtb2.automatad.com/ortb2/resp https://dmx.districtm.io/b/v1 https://ap.lijit.com https://adserver-us.adtech.advertising.com https://fonts.googleapis.com https://ad.doubleclick.net https://cdnjs.cloudflare.com https://b2cdn.automatad.com https://cdn.ampproject.org https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://assistant.corover.mobi https://go.automatad.com https://www.googletagmanager.com https://uiresource.blob.core.windows.net https://www.gstatic.com https://pagead2.googlesyndication.com https://www.google-analytics.com http://irctclive.nlpcaptcha.in https://www.googletagservices.com https://*.google.co.in https://*.google.com https://cbpssubscriber.mygov.in https://stats.g.doubleclick.net https://cdn.jsdelivr.net https://googleads.g.doubleclick.net;img-src 'self' https://*.google.co.in https://*.google.com;font-src 'self';prefetch-src 'self' https://*safeframe.googlesyndication.com;object-src 'none'
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=UTF-8
Cache-Control: max-age=21600
Content-Disposition: filename="StationLinguisticNames_popular_en.js"
Connection: keep-alive

POST
H3-29 200 reload Show response
www.google.com/recaptcha/api2/ Frame 0961 28 KB
16 KB 94ms
93ms XHR
application/json 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b62fef7e1c8d30d7dd888f3359bb2dfce98f926cc1c2a8520ed60086a26460ca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Wed, 19 May 2021 20:46:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16398
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:50 GMT

POST
H3-29 200 reload Show response
www.google.com/recaptcha/api2/ Frame 0961 29 KB
16 KB 49ms
49ms XHR
application/json 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

4763a80efee9456fcd92b943175bcdc64fcbe3425d30f607564f15ec73d8226b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Wed, 19 May 2021 20:46:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16767
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:50 GMT

POST
H3-29 200 reload Show response
www.google.com/recaptcha/api2/ Frame 0961 29 KB
16 KB 81ms
81ms XHR
application/json 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

61f9ce42c53fdcab7010fcedfb575b2f3836f00f76aaeb83b9b5d8aa8a77b628

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Wed, 19 May 2021 20:46:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16699
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:50 GMT

POST
H3-29 200 reload Show response
www.google.com/recaptcha/api2/ Frame 0961 29 KB
16 KB 56ms
56ms XHR
application/json 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/f-bnnOuahiYKuei7dmAd3kgv/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5b118d77e29b3349dabb0558a8713c02f37dc13d4628f060500dface300c66aa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc4eMQUAAAAAKiHA9VYxsC3cXZYWg5pBqqkCEE3&co=aHR0cHM6Ly93d3cuaXJjdGMuY28uaW46NDQz&hl=en&v=f-bnnOuahiYKuei7dmAd3kgv&size=invisible&cb=tm8aijcuyttz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Wed, 19 May 2021 20:46:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16787
x-xss-protection: 1; mode=block
expires: Wed, 19 May 2021 20:46:50 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 43ms
15ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.irctc.co.in

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 42ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.irctc.co.in

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 123 KB
27 KB 637ms
581ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?adys=-9%2C773%2C852%2C1388%2C2161&frm=20&flash=0&abxe=1&ga_hid=184290153&u_w=1600&ohw=0%2C1600%2C1600%2C1600%2C1600&vrg=2021051301&ptt=17&adks=1518368627%2C2190866834%2C4166855723%2C3246008938%2C2411768844&u_sd=1&idt=376&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&msz=0x-1%7C1585x15%7C1585x15%7C1585x0%7C350x0&ifi=1&prev_iu_szs=300x250%2C970x90%7C728x90%2C1200x250%7C970x250%7C970x90%7C728x90%2C970x90%7C728x90%2C300x600%7C120x600%7C160x600&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5&vis=1&gdfp_req=1&bc=31&eid=31060784%2C31061224%2C31060977&scr_y=0&ecs=20210519&dt=1621457212163&dmc=8&u_his=2&sfv=1-0-38&biw=1600&u_ah=1200&oid=3&iu_parts=37179215%2CGPT_NWEB_HOME_UPCOMING_JOURNEY_RIGHT1%2CGPT_NWEB_HOME_TOP1%2CGPT_NWEB_HOME_TOP%2CGPT_NWEB_HOME_CENTER%2CGPT_NWEB_HOME_RIGHT_BOTTOM&cookie_enabled=1&u_tz=120&adxs=-9%2C15%2C15%2C15%2C1005&ga_sid=1621457212&impl=fifs&scr_x=0&ucis=1%7C2%7C3%7C4%7C5&u_h=1200&ga_fc=false&psz=0x-1%7C1600x68%7C1600x2833%7C1600x2833%7C350x0&url=https%3A%2F%2Fwww.irctc.co.in%2Fnget%2Ftrain-search&u_aw=1600&output=ldjh&btvi=-1%7C0%7C0%7C1%7C2&sc=1&ga_vid=1232543964.1621457207&u_java=false&lmt=1621433487&dlt=1621457206831&fws=2%2C4%2C4%2C4%2C4&bih=1200&u_cd=24&correlator=1838407967949337&pvsid=364548725499840

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

e2792888d1b983c846b46bdab69478b811ff6ec9442c68c7156a23b0d2219c23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27460
x-xss-protection: 0
google-lineitem-id: 5629150259,-1,-1,5629150259,5629150259
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138341245402,-1,-1,138341245375,138341245435
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.irctc.co.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 58ms
13ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 26ms
6ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 460 B
276 B 100ms
86ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?eid=31060784%2C31061224%2C31060977&flash=0&adys=332&ga_fc=false&dt=1621457212212&enc_prev_ius=%2F0%2F1&u_ah=1200&btvi=0&u_aw=1600&url=https%3A%2F%2Fwww.irctc.co.in%2Fnget%2Ftrain-search&pvsid=364548725499840&ecs=20210519&correlator=1838407967949337&biw=1600&vis=1&u_tz=120&prev_iu_szs=728x90&adks=2559930305&bc=31&u_w=1600&u_cd=24&oid=3&lmt=1621433487&ga_vid=1232543964.1621457207&abxe=1&iu_parts=37179215%2CGPT_NWEB_ALERTS_AND_UPDATES&bih=1200&output=ldjh&idt=376&ohw=880&ucis=6&msz=830x-1&ptt=17&dlt=1621457206831&ga_sid=1621457212&psz=830x-1&scr_y=0&u_java=false&gdfp_req=1&adxs=385&u_sd=1&cookie_enabled=1&ga_hid=184290153&scr_x=0&fws=516&u_his=2&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&sfv=1-0-38&frm=20&dmc=8&impl=fifs&vrg=2021051301&sc=1&u_h=1200&ifi=6

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

e98658483128da010fbc23272d4320c9479bd70007deaae6b672a8b7ef04b490

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.irctc.co.in
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 container.html Show response
fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CF58 6 KB
3 KB 20ms
7ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.irctc.co.in/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 19 May 2021 20:46:52 GMT
expires: Thu, 19 May 2022 20:46:52 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7C66 6 KB
3 KB 17ms
8ms Document
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.irctc.co.in/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 19 May 2021 20:46:52 GMT
expires: Thu, 19 May 2022 20:46:52 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 83D9 0
0 85ms
84ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuKEgF_UARwN29sCFM7b7ac9zp3cSoDmptUyyFx6Z1pvcWpuwka6Vb7I_eXpFie-GrlhfDFXxgdPo9CqkfHCO2pn49WkT_--qNu6VTcfVLTtDxQCZUbgpCi9RYpDef60yEqOhyH36mRIdf5duqrvJBWfTVs_o1WLkpQixxhyTXisXp8hTPZRKp--H29IQrh7ZoX_pSERcOCNMAG_BZr9eUsNpWBLSuUm7kG5GrBY1odNO1JMUxt3Hzhk_CutR9zV1stWd4woSi1uN4TsOgA8Rp5I2xp-BdBc8DJWBryWDL0VUtex-8rqKm8&sai=AMfl-YSvA7UHu4PrAB7jCtOwEGnkR8Kg85MGoHc-AIkSlYHQWOZZvpvUtJc5C5Xo15zzFVR6QxjFWt3fFf3QjcgDm2nUjCBZJFJAzS30SNikp34a4zS-Mja_9Dp6KkMSbW0&sig=Cg0ArKJSzAtmruRyj0DNEAE&adurl=

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 19 May 2021 20:46:52 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 83D9 17 KB
7 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:39:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 422
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:39:50 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 83D9 2 KB
1 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:46:38 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 83D9 0
0 15ms
14ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSvfmMSEM2TuxWkzDFJhcZgRUtrsxG1Gl4SOYch0wuzKWvEr_AHNRQ3bOYRFCN2muZMGcOh
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 83D9 118 KB
36 KB 29ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:52 GMT

GET
H3-29 200 8439115253800852816
tpc.googlesyndication.com/simgad/ Frame 83D9 82 KB
82 KB 23ms
9ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8439115253800852816

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02a35d6531766e6921d1a3c3b1994c175fadff8fd2f35fd8eea6b70bf2dacaac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 05:07:20 GMT
x-content-type-options: nosniff
age: 56372
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84003
x-xss-protection: 0
last-modified: Thu, 25 Feb 2021 11:27:44 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 05:07:20 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0608 0
0 86ms
86ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuzHeH8inTCqdJCMTPCPNcsH7kBfYuWhXuXPl2kB0jJ9XG3KLzbRQm-Dv9iJmOPCLxlnX-bV2XWDhNUHgFcnHALsRePnLtRFoOthw9kFcAOPSOlLQv3HWRV-Cnt7ZuwcN59wxWbjbB10_nu4duUZ2wJ1CEqrEMB6xarOPScmTGyAMA2-eXjab-TqqDPvheh6oo097lIgYMXmPChJ-1M_0gc-H49NaN_hd4iChRQqf04S3f9bn8pseUvm98Pp9ll6yg98mJKrDfmbwjTDVg6gzSnXBOBxJ3tygb_UdAilRZYdviwrEubvcFGRsWcAkM9Vg&sai=AMfl-YQNrPmnE9TMbrT3GH8AqDsies7HlNPKxrUEPlADjMFyoOXPneoxmOFSexQHm5ddN5EP9Yl1lRIajrwkhzmEnIax_BOZeLIYlc6FN5CtQ-LIg6tRcQAxI_TUwKdJr1s&sig=Cg0ArKJSzPV1ZK2eIEkIEAE&adurl=

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:52 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 19 May 2021 20:46:52 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 0608 17 KB
7 KB 16ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:39:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 422
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:39:50 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 0608 2 KB
1 KB 16ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:46:38 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 0608 0
0 14ms
14ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaScEI76CwSLDh6PQT2mc_H-W6KcVbNyP3pgfDRSrgP2VjcVL7fgyE9E_8gdWkAkJJRRaRax
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0608 118 KB
36 KB 27ms
18ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:52 GMT

GET
H3-29 200 6551885764375765591
tpc.googlesyndication.com/simgad/ Frame 0608 59 KB
59 KB 21ms
12ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6551885764375765591

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6af3db7d41a1b933cd4c023feed331559344d4243bba394e2b1c14a6b1c42c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 02:27:12 GMT
x-content-type-options: nosniff
age: 497980
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60845
x-xss-protection: 0
last-modified: Thu, 25 Feb 2021 11:28:04 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 02:27:12 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:52 GMT

GET
DATA 200
OK truncated
/ Frame 83D9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0eabb8312618555324ba8ad7f6244e0817878a9902750c92d24528b1167f75c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 0608 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6dd0ee64b020598ed3c8dda9213d7a631670bebe25b1b1d727548462bfeaa9b3

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D92E 624 B
611 B 17ms
16ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXUIY_mVhJvzfX1zEmWb_54-gTH4PgbOGexUwzRp34Yaf6TEWO3wxHdDXrM-lNNZ49-bEc3LrCrCNm1ElBfkQGZyxzEeQmY1qL3Jlvz4er9O9RsNm_rw11TrhkA7tn4bhIkAQISRrqQYtERZq8BV0jYLowe2xYpfNNyCwfkWkdpiTOjjCcSfti3_iihOUDHAyM8WG5jKYCVXonfp8d28tePRe_akQ

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXUIY_mVhJvzfX1zEmWb_54-gTH4PgbOGexUwzRp34Yaf6TEWO3wxHdDXrM-lNNZ49-bEc3LrCrCNm1ElBfkQGZyxzEeQmY1qL3Jlvz4er9O9RsNm_rw11TrhkA7tn4bhIkAQISRrqQYtERZq8BV0jYLowe2xYpfNNyCwfkWkdpiTOjjCcSfti3_iihOUDHAyM8WG5jKYCVXonfp8d28tePRe_akQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 20:46:52 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure IDE=AHWqTUnW63TdvRMiJT7i5xMLx_-gswzcSqYSmiPQ6xWKy2RODpk_3FV_-0t-BdFJ; expires=Mon, 13-Jun-2022 20:46:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 20:46:52 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CF58 43 KB
21 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C1GiUfdbqCWTV7qRIBVVlvlc3A_RAYIrG6J7ydbdWmiPUPZs1PkMN-K5kFG798mwx2pw6KluWhaGivxx0Rl5NnwlpO2FYxIf9YZL0lNxIA2mojRRE1iVhLZx8MpAm54qESFigpoeBo2jjgbSB4BQw6U7I0cg&dbm_d=AKAmf-C-GjP5Y6Xiz5Tg1dd05ME3yuL-mLxie_pY6kfczIOgHdizRUBxZmzhDH1425jBt-Qz3t66r85a7YxHEV93xIqAjRiYRfnBZszYZhxJol2f2kgMiQquI2uJoX6SPjgzmGpjicdSVTbWGrJZfQcRl_IfC15Q2jo_4NMC87BJUaTQ_mGgcdmxVhsfmcMAQ5Ab5Fi7ppQEHjhqg10r0e5x3VYDdN9LGmmIqpH6Xi5z-RG1jDC4xvAyp4aL4N4KLnmqHXKK8eLgb5kZPs2WxrzgxWHuVVCNjkSCsDZKA3UPJQvzzrVsOVPOhCNy6VF6uDuV8vKKYbAQy0q0QeLyGdg1XLhB7dvkJF4_128dfdAa2TN6kBvdfKOs3NxafnIYmDgmPLa8VlC_87yxVN89qQ_a6h5GmZgpTqCSOJLAfkMoXEQ8PeOC9byyoTQvAbfgf1nF-JxE6GUnSEeWBu-gFspR4TfoSPBH7p8M6Xm5iWl4FeLo-bm6aTjOZdt6SINI66USo1j4-s70nkrsWLt7y3RhVvfbq7bS-xblBZMz_0v35hh_pmqh38uzgtvgFdTDA1lyiZdMrFhCeGYsWWYMGLyUZMQm4vEanTDVj6S4-GfcVL2imCGSnn_jWw6wkJYnpyhej3AKFCHhb-HmeTRItsHy4S_0YYbzFIxB3VPeKOBzBy-SSvbY2l57hvzCJyr4tDYxGAeUCk_SgCbgb33FJJU6njNhKjlkO0Gu87ZGy1m-2c2lmhEATaVdOZGrDNTa__2Nst_WBL4PV8xDryc4n_K41s_oxVinOqYecnl4zdS2vtM-jYQF40_QPDU7bFuDN6EGUCL7oy2ymm1A5cbcDnCrhWfB_Jm2vpT7UF33iMFOuGBfQ3DRlOOiB0DQTcOvKA_iEh7KkWbqN8rnVUHbZORo8Hfh1Jips0ixJrwiivTYFt6xaK_0-ponCnRgYpU5AfCeklV-QMvR9wFLRZGfnFyu1IDymGrrBAVNqtunSZNlfj-dr_QA7hiKqlhC-IkK4m0nv5aUjF6aSEsMVN2yUBEzl_hVZ30v66SxY1g0ylZA_5vkBx9PbQURVPdcXE-On3qzLzoklt2QsSMSBl_O2xyK9dW7ndBhRfJlV06-X6HCzjbEx4IE-9gLzOVSbByRAZsmFXcQv4rCD31nGQRZtFcfIZ8zlQQLPMXaykSXebFrp1VKtlh2k1YNzeJr1-3ZUr3o-Ps1-HB9j1_eGErSf-QieYXw_75slHERjG4134GxWGzxjKAb1lWQJocTOn4u1YHYRz1HQaQFiCPATKCnSjnrNZCsMGk4_5glCJAvAZYxS6eldheHKQvIwq_Zobt0bEnXt9Shf6WxdrVepm0Dlp86-SJwm7XKYEPdSoULWcN8jJtztehEKh55Xzt0j1VmuAuWU6KIno7FEYCNUK0-nAQBFlWzIOowrWYPvU9a8EQGozO4E5OYG-kdPw2xmzTU2zCILj6SeslMQbiaqfMYNDvOmPqt4fdfVGUdg0DImS7N6oOGsVF_yMf_544fo37ZbtHMWoM8XjpoKDxwA9JP19gzGtOiq0TqMUskWPSbtFawHStwkGlKwFDQDgJei4VKk6vLUs8KhftvwANUMHzVqXJLassD0FiZ3fONIVBILafi0bu0EfNr8DgVk0UZraR0V0uAct0_bgzEeiLHpt6Q3cpBebwphGr8EUQxIaVlMszChfJ8Pl06eXJ6b6q94hrXKia-uyqEfzP69tjFZD_u3wmhcN0gCTO0Qpd8dl6FCaBDjRiTtg44ghkSE5t6xUjh5v9ND75gE5MhzImv5VYMO23zeVEK3JeW4LT4sLUAVlSB4peBjKMA2Chufp0T7yMNr1v0nkoiIlsY0wV38Petpz_0PpBbfnjXUVVznHiJpkSRz7zfDzEuXt9paVHH890TeK0mfxf5f2SyC8C6CcPhmw41298DX8X6Gi-aUh2NbSlq-oXGd2kUEEYutwU3djWrHVS4yFKnOmNYbuDZmCCxgvqnZ0t-z-Bz5BiLEg7cwFFVbCt1TJoFELa5S47xjnUmbtYRuQgmp7lzohASisClI1wpBFe29wbwIJBR-JqSig_QYkaycmMVWeZ9xppnJ10EfOolNVV_CVVfiCwF3Yji6siHpCw3eSPWasMqIuQ0mAh_1rAyxcUnN7LRIXH6Plu6SK-hLuUEgtqxTEJHEvjn84vHvgrYt8YhVGn6bkGFLnObnSrkNHe7Jcdb_RwdQodSD-jaotcKQ2avErt2vt3xADOu34zff4Et1Ba14c0r9d0PCnr2coCyaBbkVm7ZvbIAATsVPMJwSBHKzYesb8P0XL5T1qtkLnHfh8lSo70enSnKX2czDdaQ2-gvMUS096riWAoy51dnCAaXTCkuIcR93iOBr7gvQOzjNADDjZirQUzZjKoyoW9zQ-vficp4qBP8e4JVUeyFJh_PEH2dxyPU37xnO17uLNs8laNbfTbXZfqHzs8Ml4p0U1aCtoAVP7LuBQGryVZrJvOC1gIm1wDeYSeGZeGJz-Jtj8a_7tnBgf7tusAo1hy9K97sjGOMZRSxEZsYDvzYVNbfosqQnDrsgVDYfOOVCBHoHPmG9nLxo-CNKroFNuLg66iW-DhtDQjAX8cDMhEoVIAxifOYqUFpXBxEQ1LV6gD0LQdow_mV3wyPtIYBESPuJ2wO1Er3DzdF1bg2Ea48zdN01MBiz8XkPdC97NJwUAdjfsUTnBT6mlwCSSIbm6fNgO81vAaeUlidDoib57Aler0sp5Tr--bV_T77LGCAUbJT6LAaKtIq_2EI0ZAuKrSaDraNzV8_WN5HF5euKgTGmFDKWIjLkpXHiUQURU5oZoJc2fhL7G-2z8OjpazZoqbFLZZmbyC9wpPzH_xft7A0marp5RvH_oWKIle_q5iS7koI0KcfNTcyuTi06pDIostlP7Fg9shEBrVkIDJzHPpV7zO-cgPMUSGeXouisvTDSHLILanPn1s6yBpK8rdB3M3qmm_72kI6ASQFFz-RF73RtyXfBa2khU0_T4lP7vsA486PzqAJu6FRet4k3kooxtdSU7e4lgWxyrSFjvWvWCW6zlKS&cid=CAASPeRoSV3HnPys7wYvoguvUDZkI8UYKfeO69qO3-0Xawmg0MkoaJR3qVzBMXiDQnUQWEMLKrPgErH4ocl4SGE&rfl=1%2Chttps%253A%252F%252Fwww.irctc.co.in%252F%240

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6d348bbb96129c1ceac95e383423d00fe428e9bcd326d3926e6ef54f64188c24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21193
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CF58 42 B
498 B 64ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AtkShQZduQZx92FoepvNhPtEZS5K9JXpD8RKON-AWz282ewETk_dPoWXvjXWQTdWS9ZQr_rrDfWPg8lPuEYOOY-LQGgdG9GXJCiCs0Q_9kH3y8_HI

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame CF58 2 KB
1 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:46:38 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame CF58 13 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:37:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 588
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:37:04 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame CF58 0
0 15ms
14ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQN57MTJCrwYLGLntkM4HwnjrQ_agzyMYX_u6dCcwsCImXU9h27zwyU1cnTE9xFi8pRi0x2
Requested by: Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CF58 118 KB
36 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:52 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 83D9 0
0 147ms
91ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuZBq19EHYh1LVaJqN4xwdtIomwBnSPV6VBDHzTF0Jq5--jYuglUwYJSXUhzr6o7BTOjC3ei9bww_qQtEKQT--VBKiR0H5Yf_VZ3oq9sbseC6SVWp-vP_nE3BUlA3bRnTpPkQB_worWQeFUKg5yUZRKDIIxQ7ThVzJB44PJIAv_8PkyzGJAoTETfPSkE048Vrge0VHiAahLV16KIFnblcfOYH9VVVrOInhwbsrIiXtbPpGFAl12FHxTdt-FxvYmpzmdlaXysMj4qCz_LFyr19tZ_XEOP0nQZnVavV4FQIX0FZ3DYrkZMLV4TTI&sai=AMfl-YSbBMhEQENrTLvMktf6LkdstmFW-5Q3Sj-r4JMpTfjgv1tHxWzrSzfJksTRGDNQPgbxrpiEFYwVGhqdlmLHQi7IC3QTWLqvRVV0W0ujtN1xiu0Xex43jfpkDMm2-lg&sig=Cg0ArKJSzDhm_n7jw-L0EAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 19 May 2021 20:46:53 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0FD8 624 B
297 B 25ms
24ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXJEDi208QY0EmqYyRvsk5zPz8XbICnvKLmcVxVWblg83kIBUJX-9nSk-umfyK3Xvwc4P3pHfLuGka1DMj6nMaTdQy9_QFYDfGnS4WnoLbwZFXItSfOC27IJHk3TVYBcwkRSIs2HQaGGxK4hWngBKrKwOplQ6F_QslQiRBOx0HE9FWn-Ku_z70UlqAopX_47Pd0lZihH8cyxd5qeQ6qL_Lhdixr-Q

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXJEDi208QY0EmqYyRvsk5zPz8XbICnvKLmcVxVWblg83kIBUJX-9nSk-umfyK3Xvwc4P3pHfLuGka1DMj6nMaTdQy9_QFYDfGnS4WnoLbwZFXItSfOC27IJHk3TVYBcwkRSIs2HQaGGxK4hWngBKrKwOplQ6F_QslQiRBOx0HE9FWn-Ku_z70UlqAopX_47Pd0lZihH8cyxd5qeQ6qL_Lhdixr-Q
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnnBzhAMF1yJcK7lcPUCKk5m-l2pHTymKysROKp8WqnP8KbLs7pinAubFERM9U
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 19 May 2021 20:46:53 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7C66 44 KB
21 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CZflFxbHZjCY8bS5BPViNfsN85TJ-VwXtZ23tAkozIc1hQqfBo751RgxCPT6cTkdp5V0rFcxLwhvUEe-TiIHZbtoN7wKcKOkURbq3S5bLlgmnuUN-EP86oH9uuTTSMoCgPufb96aOjBMoupCQJVNOU5kj6cQ&dbm_d=AKAmf-DkjGkV6ujUBhIjDAlcJOdkyot0l1qA_6HwYT7qfrRNyZHXOy7dueih2cUMW52kmQoUU9DBgOj9jnK_wAPFSg_emIMmXZBOiarDAaWWqKuJg3MtstMcpibJXOJ4t9e_9vx6175DugtkKZG5uCMF3_g0P9zBNN2A3fpY4p0Ec_uzHI7IDmWorrVNljiTfe3iui54UeAlHBHtY5Lr-nOwmXfuWR6DHWEZSjUo9PbH5TOEiYBMqrWFoey3E5M8Jl1oO1ie-AaE_eFZGwOIlux43tKmfMX2X6jf7iBptDYs__yDgbmQZKLu6DZMJ4k8J-X_5RltB3a_3ewumzI5Mni1jBZtg0Mt9IDCKYFyyS5fvX3s2DToIqTZzqoIP-c_9dpnRDEzGOGmlqtTX3YN5VUeDd8AqVh8hcNS9bvsZxnv5rEZxk1IESw--KEG8w8HVFG_OBf3GXjmegzahFtHDX6phOM6UQ5KwoKinh8fjyBYRtv9GofPzpwS0WAuE8erDS0Rn5PirJKtAfgWFjDilrZt-BI6SsDr3OWqZG4q8Hv_ov8VxeSns0rnNC5NqQWZEnfjUMulp79HK5pZWquSKCAbR5NmvGuE1Y4GskfS8yLLXzhPv3rav2VR9GT7mOHuBN0GSF04PA0OcDb7j6xmoTG-5I0bStBnT4Y-Fs7wNnRDtt9kLkUC25QF88rLy5MTpajNTzfrc0Mqeu470zJxzKCe397j18Rv5d9ImYbL4od7ASEOEwOH6pFVKLsfGfefKFV4X5I6E3mhQJ0QweSojgPm7FYRyCsDjkcIbwoB4i5njFpqQdc3lLLzwRmeiwSBeqOiN4DkT6uOw4-NgRwV3AwfpmKsW1OQtbotPf3StYo83Z6UvwN2wRkxiw_zEU7McrAwWwjzRv7R0tyyzRIl0-V91fGpffFdDNh5_Mm5Hd2SIvYRozWVM9gxok95hxiL30sa6kZgYLyCvYax2xjLuAvnzcMtQlESPpDDwfpO4Vqh3pgh3yjlhfa663-7IIn1I3mr70A5GSog_xac_NT52d4wIEw-hRwDFD2Z6uwf5iaVdFt-uzlQJ6HgihAQuPeZ0lhu_pu4NPiBLrNQTnIv3IsoqFxDxuerphQwlThIFF9B6jWYj9TVm5bTqRZSNiCE_h-kPQg_KkZvbjoHSs1UtE-RZxhPtooAYvXT_Yh234jxiHALi0cJtPBBnJft_Yt4atTtkYRuehRx8FRSDCseOdvfCw4QCO31WXvcZsl0Cz-fjYbCm947WdTK4hncAtuxLsTpxabcF_cXlZP7x3F58ebqjsDe_1nlrZs1jOHrT0iRRVLtixuV6cvhwJeZLqQHHRuh8jhcpIKy1218zY_H1TvMgaGs8rxTwZInIY7vq_WqNZgTdR98NU59gmHJ5LTG_PR9pSXhNAng1ooH5QGWGR0xKgQl4esAz6HQNbs7Vt9KH9HF7ss7Oe2XuTaP3w-WzARRe-ngwPsojfrQ9SqbignSv4XMDFfbQDAogi5PujBOwMYFVBGpOKUB_kJTrKsnms_u0j7-3K-x8Fj5z7S9uqxATlP_XbjnIXmR5LUKxIPxdo92p3qsK-lxGLqd9mLfYveofy2wCobYJreFKkiw-xdV3S9--apkNEOkxQEZfejINfkHXIM23U0-eGzebSNe0bWKI3Bw_V2wx1sXMe5oyZvUZcKbw_SSsQzeoXDK6YPmjHXWhGxagylbVXHUEzbS_WMhm_iVWODCyFjVDd3Ju10IH8gq5X7ouSNNTsnPlJkXB-IDFaGmFvgj7ZIIjNpvaFtFtIjGcBXVvBVK-PsAc-1-Tq1RTTJRaide2LxsDN08-ej8kjIoLzYMrFNGFt5pWnx5TOQJ8WBhOMSR1itGveX3cgUQYhbvpN5xxMzwsxyk-gRvLFdMG4LRwwsEAi4u2RW05Q5dunQaAm2mzpiH56dLCFcqDNwF1M20yBW-KGx5nG5bCeWytOuMyEp7Rzi4xRIgNvWmtPKUW1tSyVHMXXEgUDbPKNbeRWXNEscsUmMSqfkHYX9XTuBw7XcSXhHaF5krw2aYfGHlRcItTwvZAUGrWJ-HxGd7bgS4FeoKoOJreorzGe3_qRJKyKN8ITAbiol0st7vDvBNgeezBCL258-sW8H0-wzdl6Cz68RFE-XPELzRdPndt7s1KL791a_wnDXY0HLIUzYP3yIzhVtIHXeHjeqO3aJjnEI8WtIsdwpHYSmfgzKaechiaS0FvSUmHATB-c1GjCfRAJ3wlSupOLmyvPY1YKbaIfP5nZmfontyUA5OdgUw2Xn1ZDTZuhgvtjOgkS8NN6N2wazt0OorQ5nz9-pXS36oqMqWNTEFuCmT5yMPLXYzSd2pNsCHSkZyZDgp9YXydIPR3KgoWGbg-KFvbikt3QYklk27cOAJGmnudzYtRrD298DtevyZ4O5SVKd1YDXFvGXFCL2KCMTVC-0rJOXIZ9mjsjaY_GYfabaIFP-ieosggs8t1a25Yv7vI8ximRrlcTcMWGZoh81ci9am8QwjgxpwfDuHtp4UwaB_e3w0G8RKo5SjHED_cs1uHqXmIvsbEbv5wrNgHonPRGo2C1e8QG6JEHvPytJx9rMzo4Ozb1TKZjRCDUydThQ2MxjMlwEz_JR0j19sPrB3uNtX3PEOkfCsU_zWVd9a6EvmlElwiT93dGx4OSgkTLivdzMFPLzfFFcTh7tUDArowFC_sH9XbdT9stuXrcNKufwFs0VKEl6K-N9T5o2SKKJ-g__iDtGvMumlrdiD3p4cXfYpOYkmpSc7upWqMNFJx02FuShQCSjs4uQg8NvHPWiQYpe44d8lh4XpVE6kqRjVcdXjI06_opAw3F2695b5D4EKx9OJ1zHleamm5PqbO_c2VJut7CVX1bXmXPR8BUZX5X4AC04sbPktfepSa07iI78h-fcTGg_7Hley9ged8hzj1lvWcomO57Z5-J8w3woFejRG8Ls4JEIvSYvhZ_sVxB8aUVxRwb9YHJBxeRa-_xgzlZkule_04jgern8Bxo_zP58LEa6_Hj1Yr8osEZ3Y4v7zThdz-owwJja_XYhGiHuekX1Cw7Rabxu4&cid=CAASPeRocJIWPx7BvOdXSv_D6BKsY_6fDjoJP5JPICrsV0o4LfYBTAx6WeNEFOW9MsYubslT9Y9gLKiSdMpqUa4&rfl=1%2Chttps%253A%252F%252Fwww.irctc.co.in%252F%240

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e124fcba4a06960035cba11e44599628ac11bd60183915270787f1cace064597

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21685
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7C66 42 B
107 B 45ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AP2Qo5zyLsUnD6FOvHSkE43k4EBBvAQb4LgwqclvGFr-STIi6gTTdx6t60u_Z1PsL1e_-kN9ipvPwbyQLGbS3Wn6-2pDCdLLQ2utwjW4qUA92DDKY

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 7C66 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:46:38 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 7C66 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:37:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 589
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:37:04 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7C66 118 KB
36 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:53 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0608 0
0 121ms
92ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuKoWKKCgZVWZZB1gxUl7jM_YXS9eUMNlUjsEg2neJviOg3B8Avqv3cdzvGQ2Vo9BzPBANOUS0Chz5p_yxB4oDo8HCSg4B9teZ9jCxjK5TuSKmRoSONXUnzCpAaj_KB3pLk6ZCJYiMIY-ZpCATEwUcDsrI25aBThcvpsWDuv6Aq3jq4L86j4EX7gc6jQNxWKnnyWySReX7LpuP2fGFS8VkeIYij3qtjIa-n2Dd-dBRjMmvqSIShLcNz7YrSDzHzuCzHhkRaSjbV1-L0okus3aY6Hcgk2dj53RToX7WTbg7vJRbJBfRLWx3Ng2VsQKAwaLcj&sai=AMfl-YRcgybCOqbNMZnyOg5A6RUjCfTeq6JX3MKrnnxWuxM0CSPAp4dIoPDD1Tw7yTT6a4X5wKfK0YdLh-ZnGrLBG_nae8fEG28GMLDYN0qPLKrFbrj283zfZyROftNpCc0&sig=Cg0ArKJSzMtjnqGgx5BdEAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 19 May 2021 20:46:53 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame CF58 22 KB
8 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-C1GiUfdbqCWTV7qRIBVVlvlc3A_RAYIrG6J7ydbdWmiPUPZs1PkMN-K5kFG798mwx2pw6KluWhaGivxx0Rl5NnwlpO2FYxIf9YZL0lNxIA2mojRRE1iVhLZx8MpAm54qESFigpoeBo2jjgbSB4BQw6U7I0cg&dbm_d=AKAmf-C-GjP5Y6Xiz5Tg1dd05ME3yuL-mLxie_pY6kfczIOgHdizRUBxZmzhDH1425jBt-Qz3t66r85a7YxHEV93xIqAjRiYRfnBZszYZhxJol2f2kgMiQquI2uJoX6SPjgzmGpjicdSVTbWGrJZfQcRl_IfC15Q2jo_4NMC87BJUaTQ_mGgcdmxVhsfmcMAQ5Ab5Fi7ppQEHjhqg10r0e5x3VYDdN9LGmmIqpH6Xi5z-RG1jDC4xvAyp4aL4N4KLnmqHXKK8eLgb5kZPs2WxrzgxWHuVVCNjkSCsDZKA3UPJQvzzrVsOVPOhCNy6VF6uDuV8vKKYbAQy0q0QeLyGdg1XLhB7dvkJF4_128dfdAa2TN6kBvdfKOs3NxafnIYmDgmPLa8VlC_87yxVN89qQ_a6h5GmZgpTqCSOJLAfkMoXEQ8PeOC9byyoTQvAbfgf1nF-JxE6GUnSEeWBu-gFspR4TfoSPBH7p8M6Xm5iWl4FeLo-bm6aTjOZdt6SINI66USo1j4-s70nkrsWLt7y3RhVvfbq7bS-xblBZMz_0v35hh_pmqh38uzgtvgFdTDA1lyiZdMrFhCeGYsWWYMGLyUZMQm4vEanTDVj6S4-GfcVL2imCGSnn_jWw6wkJYnpyhej3AKFCHhb-HmeTRItsHy4S_0YYbzFIxB3VPeKOBzBy-SSvbY2l57hvzCJyr4tDYxGAeUCk_SgCbgb33FJJU6njNhKjlkO0Gu87ZGy1m-2c2lmhEATaVdOZGrDNTa__2Nst_WBL4PV8xDryc4n_K41s_oxVinOqYecnl4zdS2vtM-jYQF40_QPDU7bFuDN6EGUCL7oy2ymm1A5cbcDnCrhWfB_Jm2vpT7UF33iMFOuGBfQ3DRlOOiB0DQTcOvKA_iEh7KkWbqN8rnVUHbZORo8Hfh1Jips0ixJrwiivTYFt6xaK_0-ponCnRgYpU5AfCeklV-QMvR9wFLRZGfnFyu1IDymGrrBAVNqtunSZNlfj-dr_QA7hiKqlhC-IkK4m0nv5aUjF6aSEsMVN2yUBEzl_hVZ30v66SxY1g0ylZA_5vkBx9PbQURVPdcXE-On3qzLzoklt2QsSMSBl_O2xyK9dW7ndBhRfJlV06-X6HCzjbEx4IE-9gLzOVSbByRAZsmFXcQv4rCD31nGQRZtFcfIZ8zlQQLPMXaykSXebFrp1VKtlh2k1YNzeJr1-3ZUr3o-Ps1-HB9j1_eGErSf-QieYXw_75slHERjG4134GxWGzxjKAb1lWQJocTOn4u1YHYRz1HQaQFiCPATKCnSjnrNZCsMGk4_5glCJAvAZYxS6eldheHKQvIwq_Zobt0bEnXt9Shf6WxdrVepm0Dlp86-SJwm7XKYEPdSoULWcN8jJtztehEKh55Xzt0j1VmuAuWU6KIno7FEYCNUK0-nAQBFlWzIOowrWYPvU9a8EQGozO4E5OYG-kdPw2xmzTU2zCILj6SeslMQbiaqfMYNDvOmPqt4fdfVGUdg0DImS7N6oOGsVF_yMf_544fo37ZbtHMWoM8XjpoKDxwA9JP19gzGtOiq0TqMUskWPSbtFawHStwkGlKwFDQDgJei4VKk6vLUs8KhftvwANUMHzVqXJLassD0FiZ3fONIVBILafi0bu0EfNr8DgVk0UZraR0V0uAct0_bgzEeiLHpt6Q3cpBebwphGr8EUQxIaVlMszChfJ8Pl06eXJ6b6q94hrXKia-uyqEfzP69tjFZD_u3wmhcN0gCTO0Qpd8dl6FCaBDjRiTtg44ghkSE5t6xUjh5v9ND75gE5MhzImv5VYMO23zeVEK3JeW4LT4sLUAVlSB4peBjKMA2Chufp0T7yMNr1v0nkoiIlsY0wV38Petpz_0PpBbfnjXUVVznHiJpkSRz7zfDzEuXt9paVHH890TeK0mfxf5f2SyC8C6CcPhmw41298DX8X6Gi-aUh2NbSlq-oXGd2kUEEYutwU3djWrHVS4yFKnOmNYbuDZmCCxgvqnZ0t-z-Bz5BiLEg7cwFFVbCt1TJoFELa5S47xjnUmbtYRuQgmp7lzohASisClI1wpBFe29wbwIJBR-JqSig_QYkaycmMVWeZ9xppnJ10EfOolNVV_CVVfiCwF3Yji6siHpCw3eSPWasMqIuQ0mAh_1rAyxcUnN7LRIXH6Plu6SK-hLuUEgtqxTEJHEvjn84vHvgrYt8YhVGn6bkGFLnObnSrkNHe7Jcdb_RwdQodSD-jaotcKQ2avErt2vt3xADOu34zff4Et1Ba14c0r9d0PCnr2coCyaBbkVm7ZvbIAATsVPMJwSBHKzYesb8P0XL5T1qtkLnHfh8lSo70enSnKX2czDdaQ2-gvMUS096riWAoy51dnCAaXTCkuIcR93iOBr7gvQOzjNADDjZirQUzZjKoyoW9zQ-vficp4qBP8e4JVUeyFJh_PEH2dxyPU37xnO17uLNs8laNbfTbXZfqHzs8Ml4p0U1aCtoAVP7LuBQGryVZrJvOC1gIm1wDeYSeGZeGJz-Jtj8a_7tnBgf7tusAo1hy9K97sjGOMZRSxEZsYDvzYVNbfosqQnDrsgVDYfOOVCBHoHPmG9nLxo-CNKroFNuLg66iW-DhtDQjAX8cDMhEoVIAxifOYqUFpXBxEQ1LV6gD0LQdow_mV3wyPtIYBESPuJ2wO1Er3DzdF1bg2Ea48zdN01MBiz8XkPdC97NJwUAdjfsUTnBT6mlwCSSIbm6fNgO81vAaeUlidDoib57Aler0sp5Tr--bV_T77LGCAUbJT6LAaKtIq_2EI0ZAuKrSaDraNzV8_WN5HF5euKgTGmFDKWIjLkpXHiUQURU5oZoJc2fhL7G-2z8OjpazZoqbFLZZmbyC9wpPzH_xft7A0marp5RvH_oWKIle_q5iS7koI0KcfNTcyuTi06pDIostlP7Fg9shEBrVkIDJzHPpV7zO-cgPMUSGeXouisvTDSHLILanPn1s6yBpK8rdB3M3qmm_72kI6ASQFFz-RF73RtyXfBa2khU0_T4lP7vsA486PzqAJu6FRet4k3kooxtdSU7e4lgWxyrSFjvWvWCW6zlKS&cid=CAASPeRoSV3HnPys7wYvoguvUDZkI8UYKfeO69qO3-0Xawmg0MkoaJR3qVzBMXiDQnUQWEMLKrPgErH4ocl4SGE&rfl=1%2Chttps%253A%252F%252Fwww.irctc.co.in%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4c0938e087a40c05a99d723eaf012958e03b048659bed9b36a2bc63f766d32b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:44:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8593
x-xss-protection: 0
server: cafe
etag: 3013172215444160546
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:44:29 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/elements/html/ Frame CF58 8 KB
3 KB 22ms
8ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:43:13 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CF58 0
107 B 194ms
92ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuAaim27Q82g7MFM7H7NCtUTKlJwbbdDNlJxG52r91iRHYAzjkWsjJHAIhp45hAiJTyZV2mSQ_UCtY3PvebQnTy8G3OT9gnERea7okXZXbI5QpIBbn-gSxQ3EcvDX0PJNw6au0rQPRsgDPxPlqwZGbiW7cR6s7pwLDoQKfWudFdUpJRVvf0_g3-GjFzW3huDf4DCBgcZyWjeT-FERUzlktHpBhT21edyqm5EGv52NauKFyYLyiYG_KxYNlQsmIboLE8y3PJUpHVBHzHPjT_MY8wGSX1L1qdgCY_tZXc4au-3TjLgQ82XSA-H1IxBYymteblP5DqxgxJ-ROHyH0BWkgiPWySTDuTF9tIrWzyptfGgBtkf-aZPPPSEDMeTUFEW6uoekNjbssJDKRvrSbXthivwkehwBq3ywAZ2yQFgSAdsnfAJhj88mph1pg-oJa2tgheC67YRMSwYCU7uYYp-P3VZ5XUopreLF8r3T0pkfJUNHl6uwK3YARpjTy8jd8dDgwtG4Z79YGzlzogKfrF-nSaBAwRrWT3A7w3zZpoBSBunb18dnhKpU08llyMVShkUDz6M36k9b3W5szlFxv65uRXs64tAf3ZQ6Ql1ebEOcFmP4Nj-IcEsiDlMxdOUuxCNL9Sdlf1MTLxn7IW8-Ak-krKjPDPqgUQ_6lODtg2FfNtzlTxV2AcuaVgiRCWQrvTTowKyzAPxJJTrimm8daVYUkgfeX333DUrYV2E6C4xLiDqFbkA6xF1Uo66IOuixAlonAdfPea6JpmBVWFL88I0R5LFxJ9pfDkSAGTgRXDBqRI7bjI9XtLt8_GUGcTjtfTNrTUd1pvG6sYigXKav9ZWC-d95e2T-50ngzlaqLGOMjRrH0TPIMUEYSCmfAHHlV8chC85c6SNZljTkCON4QvmOg87TabLlqDc4yBQqzGsjX4ZzhNVe1ARwmN5vAJG4CG47_UhXmHPJe9PXg16TItg3ICyF7ourpNava7zBAuj9TavWQWAY8Ix3ZvythqJM6thxcxAjOYhirCxUOEisRqFWYF3CsiuwoqRFXQKiHOUGjVjfDQ8s7kHF-ty3H59dnVPEYDeveqqTqtaPN9zc8WqAfQ_szg9NOEnCOfvpdEmLUjJTgOxmygA6kYPeYuoqEbOnnXzXnGLOYObtPOWWgrzLm-QzVGu2MRLb8x2CRb5R733lZPEnI&sai=AMfl-YQf1pP6eWJLTK3qhv8Yz94donkz2_yQtl_epeX_QjG4uaGaaelaYX71fw-H3jaaZQ1-3l9lsdVg0Ulo8WJlPhhadzHctZxfVHbs4Dr9HY7TAZW5r1QXHepIcE3E1nGjGZeTjv9Mk3P5eCMWcFS0uV63ej8f1-HjMAhqQi2imEPI9-fO3mBqnveUMqW4Qil3MtHtCv2GMiev_eOMZr4nH07DXoIYYzUsgbzqwyCxtA&sig=Cg0ArKJSzNz7ih33jS61EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210517.71844&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 19 May 2021 20:46:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame CF58 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19551
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 15:21:02 GMT

GET
H2 200 Water-Intake-Campaign-Banner-Intelligent-Protection-2021-GPL-728x90px.gif
s0.2mdn.net/6104523/ Frame CF58 70 KB
70 KB 30ms
6ms Image
image/gif 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6104523/Water-Intake-Campaign-Banner-Intelligent-Protection-2021-GPL-728x90px.gif

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03d7f87c34bc2aa0ffbd948760039722f7493184d574473d337f5c4e085ea68e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:37:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 15:16:15 GMT
server: sffe
age: 58141
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71540
x-xss-protection: 0
expires: Thu, 20 May 2021 04:37:52 GMT

GET
H2 200 Water-Intake-Campaign-Banner-Intelligent-Protection-2021-GPL-728x90px.gif
s0.2mdn.net/6104523/ Frame 7C66 70 KB
70 KB 39ms
18ms Image
image/gif 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/6104523/Water-Intake-Campaign-Banner-Intelligent-Protection-2021-GPL-728x90px.gif

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CZflFxbHZjCY8bS5BPViNfsN85TJ-VwXtZ23tAkozIc1hQqfBo751RgxCPT6cTkdp5V0rFcxLwhvUEe-TiIHZbtoN7wKcKOkURbq3S5bLlgmnuUN-EP86oH9uuTTSMoCgPufb96aOjBMoupCQJVNOU5kj6cQ&dbm_d=AKAmf-DkjGkV6ujUBhIjDAlcJOdkyot0l1qA_6HwYT7qfrRNyZHXOy7dueih2cUMW52kmQoUU9DBgOj9jnK_wAPFSg_emIMmXZBOiarDAaWWqKuJg3MtstMcpibJXOJ4t9e_9vx6175DugtkKZG5uCMF3_g0P9zBNN2A3fpY4p0Ec_uzHI7IDmWorrVNljiTfe3iui54UeAlHBHtY5Lr-nOwmXfuWR6DHWEZSjUo9PbH5TOEiYBMqrWFoey3E5M8Jl1oO1ie-AaE_eFZGwOIlux43tKmfMX2X6jf7iBptDYs__yDgbmQZKLu6DZMJ4k8J-X_5RltB3a_3ewumzI5Mni1jBZtg0Mt9IDCKYFyyS5fvX3s2DToIqTZzqoIP-c_9dpnRDEzGOGmlqtTX3YN5VUeDd8AqVh8hcNS9bvsZxnv5rEZxk1IESw--KEG8w8HVFG_OBf3GXjmegzahFtHDX6phOM6UQ5KwoKinh8fjyBYRtv9GofPzpwS0WAuE8erDS0Rn5PirJKtAfgWFjDilrZt-BI6SsDr3OWqZG4q8Hv_ov8VxeSns0rnNC5NqQWZEnfjUMulp79HK5pZWquSKCAbR5NmvGuE1Y4GskfS8yLLXzhPv3rav2VR9GT7mOHuBN0GSF04PA0OcDb7j6xmoTG-5I0bStBnT4Y-Fs7wNnRDtt9kLkUC25QF88rLy5MTpajNTzfrc0Mqeu470zJxzKCe397j18Rv5d9ImYbL4od7ASEOEwOH6pFVKLsfGfefKFV4X5I6E3mhQJ0QweSojgPm7FYRyCsDjkcIbwoB4i5njFpqQdc3lLLzwRmeiwSBeqOiN4DkT6uOw4-NgRwV3AwfpmKsW1OQtbotPf3StYo83Z6UvwN2wRkxiw_zEU7McrAwWwjzRv7R0tyyzRIl0-V91fGpffFdDNh5_Mm5Hd2SIvYRozWVM9gxok95hxiL30sa6kZgYLyCvYax2xjLuAvnzcMtQlESPpDDwfpO4Vqh3pgh3yjlhfa663-7IIn1I3mr70A5GSog_xac_NT52d4wIEw-hRwDFD2Z6uwf5iaVdFt-uzlQJ6HgihAQuPeZ0lhu_pu4NPiBLrNQTnIv3IsoqFxDxuerphQwlThIFF9B6jWYj9TVm5bTqRZSNiCE_h-kPQg_KkZvbjoHSs1UtE-RZxhPtooAYvXT_Yh234jxiHALi0cJtPBBnJft_Yt4atTtkYRuehRx8FRSDCseOdvfCw4QCO31WXvcZsl0Cz-fjYbCm947WdTK4hncAtuxLsTpxabcF_cXlZP7x3F58ebqjsDe_1nlrZs1jOHrT0iRRVLtixuV6cvhwJeZLqQHHRuh8jhcpIKy1218zY_H1TvMgaGs8rxTwZInIY7vq_WqNZgTdR98NU59gmHJ5LTG_PR9pSXhNAng1ooH5QGWGR0xKgQl4esAz6HQNbs7Vt9KH9HF7ss7Oe2XuTaP3w-WzARRe-ngwPsojfrQ9SqbignSv4XMDFfbQDAogi5PujBOwMYFVBGpOKUB_kJTrKsnms_u0j7-3K-x8Fj5z7S9uqxATlP_XbjnIXmR5LUKxIPxdo92p3qsK-lxGLqd9mLfYveofy2wCobYJreFKkiw-xdV3S9--apkNEOkxQEZfejINfkHXIM23U0-eGzebSNe0bWKI3Bw_V2wx1sXMe5oyZvUZcKbw_SSsQzeoXDK6YPmjHXWhGxagylbVXHUEzbS_WMhm_iVWODCyFjVDd3Ju10IH8gq5X7ouSNNTsnPlJkXB-IDFaGmFvgj7ZIIjNpvaFtFtIjGcBXVvBVK-PsAc-1-Tq1RTTJRaide2LxsDN08-ej8kjIoLzYMrFNGFt5pWnx5TOQJ8WBhOMSR1itGveX3cgUQYhbvpN5xxMzwsxyk-gRvLFdMG4LRwwsEAi4u2RW05Q5dunQaAm2mzpiH56dLCFcqDNwF1M20yBW-KGx5nG5bCeWytOuMyEp7Rzi4xRIgNvWmtPKUW1tSyVHMXXEgUDbPKNbeRWXNEscsUmMSqfkHYX9XTuBw7XcSXhHaF5krw2aYfGHlRcItTwvZAUGrWJ-HxGd7bgS4FeoKoOJreorzGe3_qRJKyKN8ITAbiol0st7vDvBNgeezBCL258-sW8H0-wzdl6Cz68RFE-XPELzRdPndt7s1KL791a_wnDXY0HLIUzYP3yIzhVtIHXeHjeqO3aJjnEI8WtIsdwpHYSmfgzKaechiaS0FvSUmHATB-c1GjCfRAJ3wlSupOLmyvPY1YKbaIfP5nZmfontyUA5OdgUw2Xn1ZDTZuhgvtjOgkS8NN6N2wazt0OorQ5nz9-pXS36oqMqWNTEFuCmT5yMPLXYzSd2pNsCHSkZyZDgp9YXydIPR3KgoWGbg-KFvbikt3QYklk27cOAJGmnudzYtRrD298DtevyZ4O5SVKd1YDXFvGXFCL2KCMTVC-0rJOXIZ9mjsjaY_GYfabaIFP-ieosggs8t1a25Yv7vI8ximRrlcTcMWGZoh81ci9am8QwjgxpwfDuHtp4UwaB_e3w0G8RKo5SjHED_cs1uHqXmIvsbEbv5wrNgHonPRGo2C1e8QG6JEHvPytJx9rMzo4Ozb1TKZjRCDUydThQ2MxjMlwEz_JR0j19sPrB3uNtX3PEOkfCsU_zWVd9a6EvmlElwiT93dGx4OSgkTLivdzMFPLzfFFcTh7tUDArowFC_sH9XbdT9stuXrcNKufwFs0VKEl6K-N9T5o2SKKJ-g__iDtGvMumlrdiD3p4cXfYpOYkmpSc7upWqMNFJx02FuShQCSjs4uQg8NvHPWiQYpe44d8lh4XpVE6kqRjVcdXjI06_opAw3F2695b5D4EKx9OJ1zHleamm5PqbO_c2VJut7CVX1bXmXPR8BUZX5X4AC04sbPktfepSa07iI78h-fcTGg_7Hley9ged8hzj1lvWcomO57Z5-J8w3woFejRG8Ls4JEIvSYvhZ_sVxB8aUVxRwb9YHJBxeRa-_xgzlZkule_04jgern8Bxo_zP58LEa6_Hj1Yr8osEZ3Y4v7zThdz-owwJja_XYhGiHuekX1Cw7Rabxu4&cid=CAASPeRocJIWPx7BvOdXSv_D6BKsY_6fDjoJP5JPICrsV0o4LfYBTAx6WeNEFOW9MsYubslT9Y9gLKiSdMpqUa4&rfl=1%2Chttps%253A%252F%252Fwww.irctc.co.in%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03d7f87c34bc2aa0ffbd948760039722f7493184d574473d337f5c4e085ea68e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 04:37:52 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 15:16:15 GMT
server: sffe
age: 58141
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71540
x-xss-protection: 0
expires: Thu, 20 May 2021 04:37:52 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 7C66 22 KB
8 KB 14ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4c0938e087a40c05a99d723eaf012958e03b048659bed9b36a2bc63f766d32b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:44:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8593
x-xss-protection: 0
server: cafe
etag: 3013172215444160546
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:44:29 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/elements/html/ Frame 7C66 8 KB
3 KB 18ms
11ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/elements/html/omrhp.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 220
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:43:13 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7C66 0
61 B 190ms
94ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvklmDqkk_EGy8dkQ44JDvzdp4cIfPd4dx_eXfo6G2fWmIimDeMTtUAW-Ux7bPJCKNp8__-gL0kpiqyFebGFlNq_d-1ibqNg8qvPnnS7d8nmI-XZGhxERANgonsebwbwMdnzRvaE6PGZ_3HYo2ExayrPYSWRd7SEtveofR9u-2neNiUw0XYddIk0lF5vXCT4rDj0uKQMZuNnlWoCtgWuttk2Nle99VVVElpXf48qUGg9fhinrJS7xGKewO2ZlUOB28vw5lwuVPLtYsfAME7lbwHvF_N19jffxZD9gCukhmv6R5m5k5XDVjxXbbNTLCq_gq8mpqk9E331A9wOlszaDzVmC0ElvLGPO30sShs1CwMh8okK5HVMiLSl33gPkJCu0avcJQrglRe08fGqRLnfmXyv0SEMlNrokbXxQ8gR5Cn3Sg1cNlTikik_65_oC0p8gZTvgQlF0FJHoYbshRFmNdXglq2Dm_3UOgeJMm-wA3UQkW0MiWKz5cW13oh_TQDEEGqKKk2idkyR5B7Oqv3yT3jxGkcbRytQJJ7sHebfZ_4rS5y9iS_D647WGblfa9leZmjIj_GWLjWf8KBMkMiaDtWDRzHvXdIc6Z4L9WWXO8PJmKNUwpSaeQzxL6nnWjfciTFOZzZ15dVPVs0aBa0lEtKAA8YDh_F56eDIK89-lI68B3zfKE9QhayBuRzkgve3zBqv9jxE-HtdPfRabEW93XrSxxmejKHNem4qXyn4pXV1uj2eCK9TgTGazSAzp5f3w2n1rXdQYAPHyW9gGU4iEmbiw1RF8-ME7P1lo0dEaylwN9NIQLyz4Q5oAC2lNU6po2C3wVPTHbL2q7OTCACM5rHcNSx_wHGFSxzFzFOZde4fHrTpd8AWf93kzM4TVcVAmlaHnmSn99HLVsH0bB8EHsZxIaKxMeIIGeXhZp_8h47Wl_zQIVjDzTnaKRsX-WrCJqPAgsPc_Htvi5WYclbLM84BFMKmn9EbpFMkeP3hnnzJ1gHTSmLuHTrYJhVjZ-R3w2pOcQG1UP7FSkJT7X_-eqTzBqBlIxW5tOG1BSXqTsxZXemmHneJflJnTbiy9BcSPqJIsZD0ZFSuiBUCWdK0X16mDNjtcAyzvssAje44vCjveh1ulEDQZxDwI-G4QBMv3a6MvpSLMLoFe7PSwIns5vLnRMNZM3ARP3Mnk-KbdUphIEwId9ukaLYOg1iDw&sai=AMfl-YQpYKnvvpCAj3_ZDY1_H9V4Xm4IpmYqUp0_2wPCPGSb2gaVFy8fSvCuPHqoUsoBNASTyppuyL9b-rWwsmENMRxVYwRURRDQy8EpJRaZNqkqomqgFEfuFVMp6TBtgoM-bAJDvn03b77jEhyn97HXR5EblcW4zkXU7dEG6RNl8cMeP4mlsPJLoEOtTtyiwsFOhuz_m8tgVIhDGH0MgUUedlNqhJTlbKDVBEuESquQVw&sig=Cg0ArKJSzPHW7Lt1VxdDEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210517.35629&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 19 May 2021 20:46:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7C66 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19551
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 15:21:02 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D92E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1

43 B
1014 B

85ms
57ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXUIY_mVhJvzfX1zEmWb_54-gTH4PgbOGexUwzRp34Yaf6TEWO3wxHdDXrM-lNNZ49-bEc3LrCrCNm1ElBfkQGZyxzEeQmY1qL3Jlvz4er9O9RsNm_rw11TrhkA7tn4bhIkAQISRrqQYtERZq8BV0jYLowe2xYpfNNyCwfkWkdpiTOjjCcSfti3_iihOUDHAyM8WG5jKYCVXonfp8d28tePRe_akQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:53 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 19 May 2021 20:46:53 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D92E
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YKV5PZyaNdoE41pUN.vuBQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1&google_hm=2

43 B
894 B

90ms
90ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXUIY_mVhJvzfX1zEmWb_54-gTH4PgbOGexUwzRp34Yaf6TEWO3wxHdDXrM-lNNZ49-bEc3LrCrCNm1ElBfkQGZyxzEeQmY1qL3Jlvz4er9O9RsNm_rw11TrhkA7tn4bhIkAQISRrqQYtERZq8BV0jYLowe2xYpfNNyCwfkWkdpiTOjjCcSfti3_iihOUDHAyM8WG5jKYCVXonfp8d28tePRe_akQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:53 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 19 May 2021 20:46:53 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame D92E
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFgQPZ-jo5VehWp-OnCqtJU&google_cver=1

43 B
1 KB

101ms
65ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFgQPZ-jo5VehWp-OnCqtJU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXUIY_mVhJvzfX1zEmWb_54-gTH4PgbOGexUwzRp34Yaf6TEWO3wxHdDXrM-lNNZ49-bEc3LrCrCNm1ElBfkQGZyxzEeQmY1qL3Jlvz4er9O9RsNm_rw11TrhkA7tn4bhIkAQISRrqQYtERZq8BV0jYLowe2xYpfNNyCwfkWkdpiTOjjCcSfti3_iihOUDHAyM8WG5jKYCVXonfp8d28tePRe_akQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:53 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.47:80
AN-X-Request-Uuid: 0e241d2f-ebf6-4d9a-b250-54c22e2e0ecd
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFgQPZ-jo5VehWp-OnCqtJU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame D92E
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYxNjEzMjQwMjczNDkxODAwNA%3D%3D

170 B
188 B

95ms
57ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYxNjEzMjQwMjczNDkxODAwNA%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:53 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.103:80
AN-X-Request-Uuid: 26320ceb-c94f-4c9c-a0b4-24e2d5beec27
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODYxNjEzMjQwMjczNDkxODAwNA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0FD8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1

43 B
1014 B

166ms
98ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXJEDi208QY0EmqYyRvsk5zPz8XbICnvKLmcVxVWblg83kIBUJX-9nSk-umfyK3Xvwc4P3pHfLuGka1DMj6nMaTdQy9_QFYDfGnS4WnoLbwZFXItSfOC27IJHk3TVYBcwkRSIs2HQaGGxK4hWngBKrKwOplQ6F_QslQiRBOx0HE9FWn-Ku_z70UlqAopX_47Pd0lZihH8cyxd5qeQ6qL_Lhdixr-Q
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:53 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 19 May 2021 20:46:53 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 0FD8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YKV5PRRWOiyWPdfAa9jBxAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1

43 B
894 B

104ms
103ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXJEDi208QY0EmqYyRvsk5zPz8XbICnvKLmcVxVWblg83kIBUJX-9nSk-umfyK3Xvwc4P3pHfLuGka1DMj6nMaTdQy9_QFYDfGnS4WnoLbwZFXItSfOC27IJHk3TVYBcwkRSIs2HQaGGxK4hWngBKrKwOplQ6F_QslQiRBOx0HE9FWn-Ku_z70UlqAopX_47Pd0lZihH8cyxd5qeQ6qL_Lhdixr-Q
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:53 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 19 May 2021 20:46:53 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEATsmZxICVDE-uZBPYFQVc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 0FD8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFgQPZ-jo5VehWp-OnCqtJU&google_cver=1

43 B
1 KB

91ms
44ms

Image
image/gif

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFgQPZ-jo5VehWp-OnCqtJU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-nFxDv2IkCGI7cyaEBMAE&v=APEucNXJEDi208QY0EmqYyRvsk5zPz8XbICnvKLmcVxVWblg83kIBUJX-9nSk-umfyK3Xvwc4P3pHfLuGka1DMj6nMaTdQy9_QFYDfGnS4WnoLbwZFXItSfOC27IJHk3TVYBcwkRSIs2HQaGGxK4hWngBKrKwOplQ6F_QslQiRBOx0HE9FWn-Ku_z70UlqAopX_47Pd0lZihH8cyxd5qeQ6qL_Lhdixr-Q

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:53 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.102:80
AN-X-Request-Uuid: d3170e84-c990-4f24-9729-faf3b7649897
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFgQPZ-jo5VehWp-OnCqtJU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0FD8
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ2MjYyMTMzNTU5MDk3MjA3OQ%3D%3D

170 B
188 B

106ms
57ms

Image
image/png

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ2MjYyMTMzNTU5MDk3MjA3OQ%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:53 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.222.241:80
AN-X-Request-Uuid: f34af364-3efa-4888-b177-f628c497ffd3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ2MjYyMTMzNTU5MDk3MjA3OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 21D9 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 19 May 2021 15:21:02 GMT
expires: Thu, 19 May 2022 15:21:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19551
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D713 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 19 May 2021 15:21:02 GMT
expires: Thu, 19 May 2022 15:21:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19551
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CF58 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 16293c5ed94c1b9bd6b602c130be9e4d02bc25613b8f2d6a1975317cc1416bd8

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7C66 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f459a3a2ed70ae6454d0ce1e993ad13c43d8f470414a6387f41f7df58213a614

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CF58 0
60 B 138ms
89ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7C66 0
528 B 136ms
88ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:53 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame 21D9 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 19332
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Thu, 19 May 2022 15:24:41 GMT

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame D713 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 19332
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Thu, 19 May 2022 15:24:41 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D713 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bwnc4PXmlYM-OA8_V3wPt6qXoCwAAAAA4AeAEAg&bg=!4OOl46fNAAZ7hX_Ue4U7ACkAdvg8WjbP7Dd-dYg84VBm6U_yRip3VBYcNFm89wTXl3D9Aa_VG7QwugIAAACoUgAAAAxoAQcKABRQloschzD7NK8DpEQYCQ6KFCsFHpkCqzxf6NwBtZwpGolgj5mq6npk2zTyZ8k_rvj8xerqOjrzsbn0Yxr5jLD8G5W6WKaqiuOQDNZz6oHJvehQMkQ8vVij-Wv8lnG4m-LTc8korK__ziozFfTfR9_6rMXly1tvRy6CRLjuLqVtlDPS2D5Y11Rp1MfMw0VAXs5q8omH8H8SlAL2B212QC6yssNcG1yiSsxaHZsy5ZEE8-9vvqw0zbPouclapvFlDypqj5IIhCCfRsh3YrrwLgLPNcZa4JEJePeUphpnG_AN5pWEoo48-BVIbKKiXnVaH7eHFI-ebAUdMO2LAok-M38SgyN0rjGBjBGAMEHIVjEOFBj2tDx1wAYtAgi0PpLDQ-zpP9rDUHygilpeOCtnndYx-DEPPT5hwYzPCxwXPxT8y-wl6o4pug2PgSwEfl0tB4L6kGwoA83a1z8ouKEGfiMveV-Tv4CuLJ3R-qgRe-UbSMWBQdulpWvHh339BIML4-iHkOg-F4WVBs6KetRxh0l3o5LUBx445QSkgK2oPVDyRD0ltWQ2tyY6Rz1RCqjIGakIFFQ82uYSx2sGybcO1FFxmICwz8zknC_OC15oP_LuB2DHr-NYdXIf4BF9Zd-GP_bpYYXn1ZxqyMjbhpHJBwWKa1IquCgmVrkWcuJ10nM9ul-j7DqOqisnSFux6PO4AgCtjG6MQekvmeYmZaGdUB-JjEATi7Ji1ePr5uwK3yvqPn_aAj9rtLmbQbrryNSzl7BjE_cRTM32hSKBFRWngJkO59YF56ZXeOVtrQM-amlmtUADm3GEajtHYadgih6CyVCmwOIqIqi4q7ChNnmdWCgrVyyoyF-G2bi1VJKxOVx2skoPpsR4sUeFJ0P8cOGkO4gboRRb-4BEOGMOL7eNtK42Q5sDJPxQd6d9aatX1U54nfVe

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 21D9 0
20 B 47ms
47ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFXQsPHmlYM7lPMaE3gOwt7ugCwAAAAA4AeAEAg&bg=!9fal9rLNAAZ7hX_Ue4U7ACkAdvg8WnqnI--9Tr0WyevbhJCUZsiMYiixBmg3yskjh0JGSq_WecowkQIAAAC3UgAAAAtoAQeZAorr-fZmDhtd_7fBA5uPEavn-oXibd84Fturz2eYNLbXav_dccoOiFjZ1Jbl6dG7Wwz7UWMw9FxrwNCne5rUeR-c6ijJZep8p56LJOvygT3MLl8dHjPKeZk-0J9C052lAjLWpKE4cHoFwY3XfPiPlOu7oGBerihG2YSRplh-YDf52dfjElcY6OEHUhX1kpmN5YtVcV1UYMZ751-1-_dUwn7CozROfWgSg9d6O5GruT49VBHRsCg780vnwVSZgle-6eoxx1qZG7NK26puTMJV9hIgUyIO9TrOEcGFio_nPRzroJyPDozsMPI5ZcBRSaY0CS94KOC6gB4IRUs-lNd1LpJTBNm4Lex931iwH3prdPSCr8Usq4mQCChPkeMKUORo6Dmipp2qNB8LfSOAPwlfO2aYPi97IuBCSJpw_ET5lvV3ya-ZVJ88rWc3iLPokBe2BZXqd97n-5Hv0BfgqmzclkjH9QfVSdGduGCfvdN0hA3sopZtELWJUJlxBPQ0bD_j3OP6OO8nd4zNH9xcIJUZGqGA6zEh3qnUiE2QHs_DUEIqBnDtigC5d1tSOrZKflKUm7csB7tez7aaviw4vYy-VW17m2AZSJe25nKEJnUm8fj-3F0KzkjTN4QUmhG9u3AkKwUntYmbPH9Rz5iujmYG4ISBN7PSac_bI2ckeh9xs1ZWqxrqjckIPORQ1A6lmBOrsYhdDiTZdGnBsDZAvIFKCzGhtRtOL3D9VCHEWEj2wngKYiSdKsxUPgbuCMEQJekajmF0WhpwuI-c4IWcAb5lpFLLx9ciXCgVxMTTkHQnabRJy6wR6vwWFIiWA9xOUvxJy4UQa0NMw_aWufKEWpuIAJpghrwjxCtTkog_tw

Requested by

Host: fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
URL: https://fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 32ms
19ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021051301&st=env

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a8df4de6ff47a99b7116cb698e5bdcf0fd102568ef368af8d0172c493bc7eb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7729
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:53 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame A1F1 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.irctc.co.in/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 19 May 2021 20:41:21 GMT
expires: Thu, 19 May 2022 20:41:21 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 332
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame A1F1 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 19332
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Thu, 19 May 2022 15:24:41 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021051301&jk=364548725499840&bg=!np2lndnNAAZ7hX_Ue4U7ACkAdvg8Wrj7cQ0OWvr1VgBWk5-Tcw_x-qgc73Ue_sozwAyhNdVzetWCRQIAAABhUgAAAAxoAQcKASiugg8yhnNHHjcYIZOM4d-j1iDB0lgVc2VTSMYrLw9ChSLp7S1vuAED4QaR3UXFK5a5aMQOcug3yNSs7V3aSe9zK4HzCNzbYkO4OtyfInrsdPqYngo4C3mmWlSoyi7NRptiCED8JE7x9fPRMpwQc0s4HqiMmOwnPfuYr1OgcPL1Oi3riCzYxYDYrcVHwW6ep_Fb979KKss7V_KIXif2m2BPbsYWVrS5s5p8WfGTSL7vGhrBGDU_lBfBePRX3wPXoJtcZSQOr4F8o71YLZYAK2juR-EeN5hT-5c36YuhJWwRFsCsrb37hlWqKcBzJ8xQKCoaElHrvlBPpPDVwCGRI5Mtsr8ZvzwRSjGO2qIPu05FFaMYOQD6HwGLNLlOAsLG4bqhnNl7ppHTlZkCSoJGec2IJj2Nhy4asKr3996AqSlwuB7nZCoDBh-3c0ZHDJtobR5ZJCA6Kv7SaCGnGFXcM_YkBGBz-DyuOlhDwIf1cEuMN1ZBnLFxYxLsY0_cnKt16tS90SPr7GIzu-OOpkb0LnW5IQjINjRIk7Wgg4t0alzOLtlaVrNqyzSeirlDFTx-fn1FfsJ1BaH9ytzXptyddDgSVuah8bDnaJ2I_ZB9-8XtKV9rml0UV26s7C1c6WiPulQ0ADXbj_XIN53q2nAKPlNx7VNar5ndatLD-ZHpFOYBR7H3FAjBpHBQZD4SJ7VsSmpbSLjn_RHzDRRCsaK0-ZJX9oswXRifv3pwyYdmSdj-Lk4fEP7CQK57TvKZXGPN97RRbT7-LLPZBa0mjXDMPfDn87aBZqR_elBXyGB9phqQIsBX7cPJZMCX9Brx_UwVARs4wLB6ceS0GBNc91LuHYbmvgDyuNOs5mEcq_6kvvWXqOf1PH0xntXRTfRjUHVSMkcEdhIjj97hmYCIe8bKEb5A1R2YS47RyDLHS6gccoz-hF_l_tyRI00MM78cSanl3zEnBNzdT2Jt4lBbDsCEdFR3fABlI4hpCKFhXVqVy7BIY4C9jKH689-P4noaHbmZAGoDWwU9BP0JY3eMI2pnsk9yVc0K2k-dfUuwDHiYEBcXcBv_FKe8rAEMBekwh9k3DyXGp3LY_76Aj8DlXeF_b2KIA6A2wfUOh6bQ3WHvk-oTCwYb-KYWVdr0Qhuv8O6f5ibg5C8a31U6PBx_OhAwOXFmSNL6Yrk

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK chatbotlib.min.js Show response
assistant.corover.mobi/irctc/demo/res/ 477 B
666 B 662ms
221ms Script
application/javascript 40.80.84.221
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://assistant.corover.mobi/irctc/demo/res/chatbotlib.min.js
Requested by: Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/main-es2015.a0b1e3d4001754a85557.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 40.80.84.221 Pune, India, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 239cf7acb6b194a9c983131ce7c82bc408f0979a0c76176c3cd24f8f4f8ff35f

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:54 GMT
Content-Encoding: gzip
Last-Modified: Wednesday, 19-May-2021 20:46:54 GMT
Server: nginx/1.14.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK chatbot-irctc.js Show response
assistant.corover.mobi/irctc/demo/res/ 14 KB
4 KB 209ms
209ms Script
application/javascript 40.80.84.221
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://assistant.corover.mobi/irctc/demo/res/chatbot-irctc.js?1621457214814
Requested by: Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/demo/res/chatbotlib.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 40.80.84.221 Pune, India, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 83e9759b5b5cf1273f186fbb0ee5b079e9ab7e6146d4f8969622c78c48b0f8cb

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:54 GMT
Content-Encoding: gzip
Last-Modified: Wednesday, 19-May-2021 20:46:54 GMT
Server: nginx/1.14.1
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 19ms
19ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-122267849-1

Requested by

Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/demo/res/chatbot-irctc.js?1621457214814

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3fea9b6530ccb2944060453d4a826b56816098e5028caf91f12a16b9614980c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35702
x-xss-protection: 0
last-modified: Wed, 19 May 2021 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H/1.1 200
OK / Show response
assistant.corover.mobi/irctc/coroversdsm/ Frame 423B 2 KB
2 KB 209ms
208ms Document
text/html 40.80.84.221
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://assistant.corover.mobi/irctc/coroversdsm/
Requested by: Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/demo/res/chatbot-irctc.js?1621457214814
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 40.80.84.221 Pune, India, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 2e0099f3f326288b347f6e1f67f4622eda7417ab7c411e8d781ab842d66dedc6

Request headers

Host: assistant.corover.mobi
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.irctc.co.in/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

Server: nginx/1.14.1
Date: Wed, 19 May 2021 20:46:55 GMT
Content-Type: text/html
Content-Length: 1845
Last-Modified: Wed, 19 May 2021 18:39:09 GMT
Connection: keep-alive
ETag: "60a55b4d-735"
Accept-Ranges: bytes

GET
H/1.1 200
OK corover_cuboid_widget.html Show response
assistant.corover.mobi/irctc/coroversdsm/ Frame 8898 757 B
995 B 418ms
208ms Document
text/html 40.80.84.221
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://assistant.corover.mobi/irctc/coroversdsm/corover_cuboid_widget.html
Requested by: Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/demo/res/chatbot-irctc.js?1621457214814
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 40.80.84.221 Pune, India, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 2af7b320cb2908c9c52a5ed0895174676d88b8996cf17a7dd7d3f3d1a2d828a0

Request headers

Host: assistant.corover.mobi
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.irctc.co.in/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.irctc.co.in/

Response headers

Server: nginx/1.14.1
Date: Wed, 19 May 2021 20:46:55 GMT
Content-Type: text/html
Content-Length: 757
Last-Modified: Wed, 19 May 2021 18:39:09 GMT
Connection: keep-alive
ETag: "60a55b4d-2f5"
Accept-Ranges: bytes

GET
H/1.1 200
OK cls-btn-red.png
uiresource.ap-south-1.linodeobjects.com/irctc/ 22 KB
22 KB 539ms
172ms Image
image/png 2400:8901::f03c:92ff:fe35:a93f
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uiresource.ap-south-1.linodeobjects.com/irctc/cls-btn-red.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2400:8901::f03c:92ff:fe35:a93f Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: /
Resource Hash: 3a84ba17099d6b1fb2021f0ab217c670c0151fe6f61f988b4c4e28846765d628

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Last-Modified: Tue, 16 Mar 2021 10:02:48 GMT
x-amz-request-id: tx00000000000000c871291-0060a5793f-2faf54e-default
ETag: "b4b8dda2332e02ef78b09e7d34f0f533"
Content-Type: image/png
x-rgw-object-type: Normal
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22487

GET
H/1.1 200
OK DEALS....png
uiresource.ap-south-1.linodeobjects.com/irctc/ 48 KB
48 KB 541ms
173ms Image
image/png 2400:8901::f03c:92ff:fe35:a93f
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uiresource.ap-south-1.linodeobjects.com/irctc/DEALS....png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2400:8901::f03c:92ff:fe35:a93f Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: /
Resource Hash: 8600726486c2065e1f5c13a5f7fdeaff05ac6098bb5c6d9726e5f93f1e7ae345

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Last-Modified: Tue, 16 Mar 2021 08:37:09 GMT
x-amz-request-id: tx00000000000000c8660a8-0060a5793f-2fb8465-default
ETag: "a0d1b95e2322359dd994df02289f4cff"
Content-Type: image/png
x-rgw-object-type: Normal
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 49140

GET
H/1.1 200
OK disha.png
uiresource.ap-south-1.linodeobjects.com/irctc/ 197 KB
197 KB 541ms
173ms Image
image/png 2400:8901::f03c:92ff:fe35:a93f
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uiresource.ap-south-1.linodeobjects.com/irctc/disha.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2400:8901::f03c:92ff:fe35:a93f Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: /
Resource Hash: 8f0fcc561a2268e82f7168dee0444e4ff9c27cb341c72aa158fc689cd0fd49f1

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Last-Modified: Tue, 16 Mar 2021 08:37:26 GMT
x-amz-request-id: tx00000000000000c93498c-0060a5793f-2fbc58f-default
ETag: "722c59f3679696dbf2483bff7e66985a"
Content-Type: image/png
x-rgw-object-type: Normal
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 201302

GET
H/1.1 200
OK deals.gif
uiresource.ap-south-1.linodeobjects.com/irctc/ 160 KB
161 KB 542ms
173ms Image
image/gif 2400:8901::f03c:92ff:fe35:a93f
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uiresource.ap-south-1.linodeobjects.com/irctc/deals.gif
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2400:8901::f03c:92ff:fe35:a93f Singapore, Singapore, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software: /
Resource Hash: ed8fbef7f77598c4d97e103ba0fb20e0b06ea664811a770ed6428e03f9246e64

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Last-Modified: Tue, 16 Mar 2021 10:03:09 GMT
x-amz-request-id: tx00000000000000c810aec-0060a5793f-2fb8550-default
ETag: "2e56f512c5bdb20ee9c984ba89786cca"
Content-Type: image/gif
x-rgw-object-type: Normal
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 164122

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
12ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=184290153&t=pageview&_s=1&dl=https%3A%2F%2Fwww.irctc.co.in%2Fnget%2Ftrain-search&ul=en-us&de=UTF-8&dt=IRCTC%20Next%20Generation%20eTicketing%20System&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAAC~&jid=1209931930&gjid=1246639098&cid=1232543964.1621457207&tid=UA-122267849-1&_gid=2012370895.1621457207&_r=1&gtm=2ou5c1&z=1097228672

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.irctc.co.in
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-122267849-1

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 4619
date: Wed, 19 May 2021 19:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Wed, 19 May 2021 21:29:56 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
88 B 15ms
15ms XHR
text/plain 2a00:1450:400c:c0a::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j90&tid=UA-122267849-1&cid=1232543964.1621457207&jid=1209931930&gjid=1246639098&_gid=2012370895.1621457207&_u=aEDAAUAAAAAAAC~&z=1611282116

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/polyfills-es2015.40cfe05d9af70a574859.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 19 May 2021 20:46:55 GMT
content-type: text/plain
access-control-allow-origin: https://www.irctc.co.in
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 30ms
30ms Image
image/gif 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-122267849-1&cid=1232543964.1621457207&jid=1209931930&_u=aEDAAUAAAAAAAC~&z=91875166

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 29ms
28ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j90&tid=UA-122267849-1&cid=1232543964.1621457207&jid=1209931930&_u=aEDAAUAAAAAAAC~&z=91875166

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.irctc.co.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 423B 62 KB
21 KB 56ms
55ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

5f99c5764db9c19a1d7acc7498d61cd306b11dd19d4ce2153d1025884d70abcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "877 / 778 of 1000 / last-modified: 1621442467"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21353
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H2 200 adScriptIRCTC.js Show response
cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/ Frame 423B 36 KB
6 KB 7ms
7ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js?cb=1621450000

Requested by

Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

02327590e52860efc310e8e16c0d9ae0abeab9f483aa8ad7fac4024113bdcdac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 33723
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 6093
etag: W/"91af-Kxvhfpn+Lyb5Dgcl9Vchl7Ufs+8"
x-served-by: cache-fra19179-FRA, cache-hhn4049-HHN
date: Wed, 19 May 2021 20:46:55 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 423B 126 KB
33 KB 211ms
82ms Script
application/javascript 13.32.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js?cb=1621450000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.18.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-18-121.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 05b1936a5e4229dc34d8e5fcfc22ce024634ea618687f37e31857402b27c4dba

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:42:44 GMT
content-encoding: gzip
server: Server
age: 250
etag: 8975e8311e479cf7d71d71133ee2dff8
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 daa2f44af77ac5ed09ff4b0024dfcd5d.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: UvG1FEADV3LMz7Hk0417XjcR3jN8HnTR
x-amz-cf-id: mjggXTj9I2wUJnW6mC0_barMKQWW4JtNKoMcrmhPJl06b9kj2PYuhw==

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 423B 62 KB
21 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js?cb=1621450000

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ad35eab5d65725ea3bc3743e3497bae5800e47a8e6fab22dcd9f8a31c947f69e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "877 / 951 of 1000 / last-modified: 1621442467"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21352
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H2 200 adScript.js Show response
cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/ Frame 423B 348 KB
109 KB 7ms
6ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js?cb=1621450000

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

61cd6b8219f6cc7f2a6f6640e246a0ab1a0890aff678ec2abcba309e3173dac0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 2684
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 111208
etag: W/"56f23-FasWj1oSkcT3CUc7ZSFV3GjmLJc"
x-served-by: cache-fra19172-FRA, cache-hhn4049-HHN
date: Wed, 19 May 2021 20:46:55 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK / Show response
pro.ip-api.com/json/ Frame 423B 39 B
194 B 136ms
44ms XHR
application/json 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/json/?fields=status,message,countryCode&key=LWKtz4EzQwMJRyQ
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js?cb=1621450000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , France, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: af9eb3a938860edea7a76064cf555cdc116d01cd6c5944e8518cea1d9deeb9de

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 20:46:55 GMT
Content-Length: 39
Content-Type: application/json; charset=utf-8

GET
H3-29 200 pubads_impl_2021051301.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 423B 306 KB
108 KB 55ms
55ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

4bdcba71062ad849da6c41bb9130977f59af71c1b82e4c397b193469ece62ad6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 May 2021 08:39:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110161
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

POST
H/1.1 200 438.json Show response
id5-sync.com/g/v2/ Frame 423B 213 B
540 B 179ms
45ms XHR
application/json 54.36.109.22
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/438.json

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.22 , France, ASN16276 (OVH, FR),

Reverse DNS

p09.id5-sync.com

Software

Resource Hash

7689049185b048b9982a8a60c532b95c6ad4ea361db56788df938051ec25b5d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://assistant.corover.mobi
Date: Wed, 19 May 2021 20:46:54 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 423B 0
120 B 175ms
80ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
date: Wed, 19 May 2021 20:46:55 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 423B 14 KB
6 KB 73ms
73ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

a571f46b710739fcefbfd0c92ef6eb1b3e277cac22fdfa083cbd346679146805

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.84:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: acba6294-b583-4cd3-8914-6a572ba84c13
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://assistant.corover.mobi
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 423B 23 B
638 B 154ms
59ms XHR
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.25.0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 74760e0cb345b1fbec60d76f803af9f5a41e820b9e1b9e832942bc1e3e8e04e7

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://assistant.corover.mobi
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame 423B 15 B
514 B 192ms
106ms XHR
application/json 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://assistant.corover.mobi
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent

POST
H2 200 adreq Show response
ads.servenobid.com/ Frame 423B 87 B
366 B 201ms
72ms XHR
application/json 52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=10085
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e393e1e3b916c47156ee3940141442fb6a3efc765a4b58dc3adfe6584f351f36

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://assistant.corover.mobi
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
access-control-allow-credentials: true

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 423B 0
152 B 138ms
46ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.25.0&cb=10282456036
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
date: Wed, 19 May 2021 20:46:55 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H2 204 mvo Show response
tag.1rx.io/rmp/230378/0/ Frame 423B 0
178 B 144ms
49ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/230378/0/mvo?z=1r&hbv=4.25,2.1
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
pragma: no-cache
date: Wed, 19 May 2021 20:46:55 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 423B 0
152 B 136ms
46ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.25.0&cb=58454291766
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
date: Wed, 19 May 2021 20:46:54 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 423B 145 B
1 KB 66ms
66ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

018aa6c2e0d1313e708e22c4aba5b0a5ad6ece4f8ece4b8501debc87c114b0cd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:55 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.147:80
AN-X-Request-Uuid: 49e94fa8-1c6e-49ab-9fe8-8de87fff2a1a
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://assistant.corover.mobi
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 8898 62 KB
21 KB 55ms
55ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/corover_cuboid_widget.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

414dd9d36ab19a5ea14293db8584fe6d1f3667025942854ded4848c307e1bdf0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "877 / 400 of 1000 / last-modified: 1621442581"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21299
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H2 200 script.js Show response
cdn.jsdelivr.net/gh/unib0ts/unibots@latest/IrctcWidget_new/ Frame 8898 31 KB
11 KB 7ms
6ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/IrctcWidget_new/script.js?cb=1621450000

Requested by

Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/corover_cuboid_widget.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

873de75e66b18a4bf70b8579573e016ad5a2bb002b61a0d86dde172c400af419

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 33847
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 11082
etag: W/"7d5f-mtz64l6drPvAwuFGtECjFLu8Z1Q"
x-served-by: cache-fra19143-FRA, cache-hhn4049-HHN
date: Wed, 19 May 2021 20:46:55 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 css2
fonts.googleapis.com/ Frame 8898 2 KB
623 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Montserrat&display=swap

Requested by

Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/corover_cuboid_widget.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d496bd4394d421bab059ad0b5581d861d8a98fdd9f02adacf1057d521fd6e426

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 May 2021 19:23:03 GMT
server: ESF
date: Wed, 19 May 2021 20:46:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H2 200 adScriptIRCTC.js Show response
cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/ Frame 8898 36 KB
6 KB 6ms
6ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

02327590e52860efc310e8e16c0d9ae0abeab9f483aa8ad7fac4024113bdcdac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 33723
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 6093
etag: W/"91af-Kxvhfpn+Lyb5Dgcl9Vchl7Ufs+8"
x-served-by: cache-fra19179-FRA, cache-hhn4049-HHN
date: Wed, 19 May 2021 20:46:55 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK get_irctc_data Show response
cricket.unibots.in/ Frame 8898 388 B
750 B 659ms
182ms XHR
application/json 172.105.34.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://cricket.unibots.in/get_irctc_data
Requested by: Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 172.105.34.228 Mumbai, India, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1986-228.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e381638d5bd35819b15f603159edcf4cf7905a34e5bd8751f01faa2c34228c2d

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:56 GMT
Server: nginx/1.14.0 (Ubuntu)
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,Auth-Token
Content-Length: 388

GET
H/1.1 200
OK get_score Show response
cricket.unibots.in/ Frame 8898 785 B
1 KB 734ms
211ms XHR
application/json 172.105.34.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: https://cricket.unibots.in/get_score
Requested by: Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 172.105.34.228 Mumbai, India, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1986-228.members.linode.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a4c601ad7f985123c3c5370dcac8e5a3c0987502795f351d97fd9acb30fc82c5

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:56 GMT
Server: nginx/1.14.0 (Ubuntu)
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST,OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,Auth-Token
Content-Length: 785

GET
H/1.1 200
OK cricket1.svg
newsbot-images.s3.ap-south-1.amazonaws.com/main/ Frame 8898 2 KB
2 KB 665ms
167ms Image
image/svg+xml 52.219.64.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://newsbot-images.s3.ap-south-1.amazonaws.com/main/cricket1.svg
Requested by: Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/corover_cuboid_widget.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.219.64.115 Mumbai, India, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.ap-south-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 76f386410779f4ebb5c79771e4d9a4448c0d00e5e47537098c0af7e6d5b98ad8

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:57 GMT
Last-Modified: Fri, 05 Feb 2021 12:14:13 GMT
Server: AmazonS3
x-amz-request-id: RQEAD34S820YQQ22
ETag: "1e3533d211b4ba696ae49f74be37f97f"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 2025
x-amz-id-2: Gze/kHzKdDpUNcFctXdkJm7uDtWXPMg38V+S1sMs1CXqEbwCnEkH1T7/y+wtprY7F0bSCWKbLHU=

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 8898 123 KB
33 KB 96ms
96ms Script
application/javascript 13.32.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.18.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-18-121.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 5b6f3806c04b7c91d2ee5cf8f42b31343a9d33ea62ad9d0506cfa1be078477d3

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:43:33 GMT
content-encoding: gzip
server: Server
age: 201
etag: 6bda376aea84df42909484ff0d20f22a
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 daa2f44af77ac5ed09ff4b0024dfcd5d.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
timing-allow-origin: *
x-amz-version-id: pKCSkQJD8y22np.l_SKDofT5u.7_rGpc
x-amz-cf-id: WFHZgajkLHCJMOJazHxBfy7p08PnyJLcq9zyiOQjlmIJrX1dyGixlw==

GET
H3-29 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 8898 62 KB
21 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa175032adacd2fed8bd1f40a81bb9d811ae603113b133d34f53bcb629a4ef58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "877 / 26 of 1000 / last-modified: 1621442467"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21348
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H2 200 adScript.js Show response
cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/ Frame 8898 348 KB
109 KB 6ms
5ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

61cd6b8219f6cc7f2a6f6640e246a0ab1a0890aff678ec2abcba309e3173dac0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 2684
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 111208
etag: W/"56f23-FasWj1oSkcT3CUc7ZSFV3GjmLJc"
x-served-by: cache-fra19172-FRA, cache-hhn4049-HHN
date: Wed, 19 May 2021 20:46:55 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK / Show response
pro.ip-api.com/json/ Frame 8898 39 B
194 B 45ms
44ms XHR
application/json 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/json/?fields=status,message,countryCode&key=LWKtz4EzQwMJRyQ
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScriptIRCTC.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , France, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: af9eb3a938860edea7a76064cf555cdc116d01cd6c5944e8518cea1d9deeb9de

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 19 May 2021 20:46:55 GMT
Content-Length: 39
Content-Type: application/json; charset=utf-8

GET
H3-29 200 pubads_impl_2021051301.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 8898 306 KB
108 KB 56ms
56ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

sffe /

Resource Hash

4bdcba71062ad849da6c41bb9130977f59af71c1b82e4c397b193469ece62ad6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 May 2021 08:39:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110161
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ Frame 423B 23 B
376 B 115ms
114ms XHR
text/javascript 13.32.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.irctc.co.in%2F&pr=https%3A%2F%2Fwww.irctc.co.in%2F&pid=h9kx3cUIFNBRT&cb=0&ws=320x48&v=7.64.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22320x50%22%5D%2C%22sn%22%3A%22%2F22140546871%2Firctc.co.in_hb_320x50%22%7D%5D&cfgv=0&pubid=8282b9c6-324d-4939-b1ea-958d67a9e637&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.18.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-18-121.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
via: 1.1 daa2f44af77ac5ed09ff4b0024dfcd5d.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C2
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://assistant.corover.mobi
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: QWUk3WBX8_P912N6zaHtawBvP0gB0I5EPjXlyKHYCXwAueSOZjcFHA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 423B 6 KB
3 KB 136ms
46ms XHR
application/javascript 13.32.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.18.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-18-121.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 17:05:14 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 13302
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
via: 1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-C2
content-type: application/javascript
x-amz-cf-id: KuKaEjZ-ixFPi0Lspbd91FTXdzVmgfh6t5qeOn3jv94lrztik7A76w==

POST
H/1.1 200 438.json Show response
id5-sync.com/g/v2/ Frame 8898 213 B
540 B 103ms
43ms XHR
application/json 54.36.109.22
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/438.json

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.36.109.22 , France, ASN16276 (OVH, FR),

Reverse DNS

p09.id5-sync.com

Software

Resource Hash

f3a1b478a42f1cfb0bfd7cf614c800435e4e74f81d609169f8f819e89bc689e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://assistant.corover.mobi
Date: Wed, 19 May 2021 20:46:54 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 8898 0
306 B 144ms
143ms XHR
text/plain 13.32.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=8282b9c6-324d-4939-b1ea-958d67a9e637&u=https%3A%2F%2Fwww.irctc.co.in%2F
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.18.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-18-121.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
via: 1.1 daa2f44af77ac5ed09ff4b0024dfcd5d.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C2
x-cache: Miss from cloudfront
access-control-allow-origin: https://assistant.corover.mobi
cache-control: max-age=86087, s-maxage=86400
access-control-allow-credentials: true
x-amz-cf-id: YDMk3jEolG9HI5qhN3rrYr-T3eQA1y53sKc_WprAN24n6VStqk4sCg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 8898 6 KB
3 KB 77ms
51ms XHR
application/javascript 13.32.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.18.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-18-121.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 17:05:14 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 13302
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 07 Apr 2021 05:49:36 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: eEYYOb32LZFr6yGAi8hXG4401uAIPew2
via: 1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-C2
content-type: application/javascript
x-amz-cf-id: a1msSEUj8BW-av_ooKM34po0wEjGUKRkM3meuvZjiVLjLyepAiSZ0Q==

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 423B 14 KB
6 KB 70ms
70ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

5afc4e04ff2f476323977f6db9d805219810fbc2182cac0cb19c3adeee03aec0

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.140:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0455546c-bcb8-4dc7-b82c-ed6516a1bfbb
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://assistant.corover.mobi
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 423B 24 B
639 B 49ms
49ms XHR
application/json 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_4.25.0
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6cae9f6c94b05bc9ccb9a8e34190badac45e82f4fbe8db2fe25a4854c39edb20

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://assistant.corover.mobi
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 423B 0
152 B 46ms
46ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.25.0&cb=17710673801
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
date: Wed, 19 May 2021 20:46:54 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 423B 145 B
1 KB 110ms
110ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

14be86ffc9beb3642db206634b75a577d2772567ea14130c69bd9191f226eeee

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:55 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.79:80
AN-X-Request-Uuid: 8f1b2393-392b-4beb-a3f7-1064ecb2e59e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://assistant.corover.mobi
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ Frame 423B 87 B
365 B 65ms
65ms XHR
application/json 52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=8154
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e393e1e3b916c47156ee3940141442fb6a3efc765a4b58dc3adfe6584f351f36

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://assistant.corover.mobi
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
access-control-allow-credentials: true

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 423B 0
64 B 81ms
81ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
date: Wed, 19 May 2021 20:46:55 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame 423B 15 B
514 B 99ms
98ms XHR
application/json 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://assistant.corover.mobi
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent

POST
H2 204 mvo Show response
tag.1rx.io/rmp/230378/0/ Frame 423B 0
178 B 46ms
46ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/230378/0/mvo?z=1r&hbv=4.25,2.1
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
pragma: no-cache
date: Wed, 19 May 2021 20:46:55 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 423B 0
152 B 46ms
46ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.25.0&cb=48329996091
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
date: Wed, 19 May 2021 20:46:54 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ Frame 8898 23 B
376 B 99ms
99ms XHR
text/javascript 13.32.18.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.irctc.co.in%2F&pr=https%3A%2F%2Fwww.irctc.co.in%2F&pid=wRbVHzleqhAzb&cb=0&ws=0x0&v=7.65.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F22142075243%2Firctc.co.in_cb_300x250_1%22%7D%5D&cfgv=0&pubid=8282b9c6-324d-4939-b1ea-958d67a9e637&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.18.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-18-121.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
via: 1.1 daa2f44af77ac5ed09ff4b0024dfcd5d.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-C2
vary: User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://assistant.corover.mobi
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: dtgTCH97NUrQLNfbJ4wa3YEffR_6qaMDEeavNRkYGOfzPaUbPP_T_Q==

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 8898 0
64 B 116ms
116ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
date: Wed, 19 May 2021 20:46:55 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame 8898 15 B
514 B 67ms
66ms XHR
application/json 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://assistant.corover.mobi
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent

POST
H2 204 mvo Show response
tag.1rx.io/rmp/230378/0/ Frame 8898 0
178 B 51ms
50ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/230378/0/mvo?z=1r&hbv=4.25,2.1
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
pragma: no-cache
date: Wed, 19 May 2021 20:46:55 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 8898 143 B
1 KB 175ms
175ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

239f1f05c3ebba6708774ad0398580f618d904f22eca47a83b601395c4debea2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:55 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.49:80
AN-X-Request-Uuid: 997e4c39-4415-45e3-a44e-10f21c50e40f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://assistant.corover.mobi
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 143
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 mvo Show response
tag.1rx.io/rmp/230378/0/ Frame 8898 0
178 B 62ms
62ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/230378/0/mvo?z=1r&hbv=4.25,2.1
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
pragma: no-cache
date: Wed, 19 May 2021 20:46:55 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ Frame 8898 0
64 B 114ms
114ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://assistant.corover.mobi
date: Wed, 19 May 2021 20:46:54 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 8898 145 B
1 KB 57ms
57ms XHR
application/json 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

02876f916505c20e9872b65d4f62bb8809c926aa94cdd11b84c4f127ca6c641a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:55 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.168:80
AN-X-Request-Uuid: db4a4dac-5df1-489d-a16d-41d231993fff
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://assistant.corover.mobi
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid-request Show response
onetag-sys.com/ Frame 8898 15 B
514 B 60ms
60ms XHR
application/json 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: https://assistant.corover.mobi
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame 423B 107 B
122 B 31ms
16ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=assistant.corover.mobi

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 423B 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=assistant.corover.mobi

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 423B 7 KB
4 KB 140ms
140ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1648945033911647&correlator=3615385018453657&output=ldjh&impl=fifs&eid=31060854%2C21068030&vrg=2021051301&ptt=17&rdp=1&sc=1&sfv=1-0-38&ecs=20210519&iu_parts=22140546871%2Circtc.co.in_hb_320x50&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&prev_scp=amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_source%3Dclient%26hb_deal_oftmedia%3D1074139%26hb_deal%3D1074139%26hb_size%3D320x50%26hb_pb%3D0.03%26hb_adid%3D230f2837ca65d69%26hb_bidder%3Doftmedia&eri=1&cdm=assistant.corover.mobi&bc=31&abxe=1&lmt=1621449549&dt=1621457215666&dlt=1621457215246&idt=198&ea=0&frm=24&biw=-12245933&bih=-12245933&isw=320&ish=48&oid=3&adxs=0&adys=0&adks=3461485115&ucis=pkvu89lzxvs0&ifi=1&ifk=963367692&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fassistant.corover.mobi%2Firctc%2Fcoroversdsm%2F&ref=https%3A%2F%2Fwww.irctc.co.in%2F&top=https%3A%2F%2Fwww.irctc.co.in%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=320x-1&msz=320x-1&ga_vid=1571161063.1621457216&ga_sid=1621457216&ga_hid=571776390&ga_fc=false&fws=256&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

6898c733e938bf436c7be9f24dda28307663866f8f5390b7cce4459804047643

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4196
x-xss-protection: 0
google-lineitem-id: 5507777958
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138326824038
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://assistant.corover.mobi
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
38a76fb5fba00ee610bed1625db3b3ec.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 423B 0
0 46ms
14ms Other
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://38a76fb5fba00ee610bed1625db3b3ec.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ Frame 423B 0
0 6ms
6ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ Frame 8898 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=assistant.corover.mobi

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ Frame 8898 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=assistant.corover.mobi

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 8898 33 KB
12 KB 226ms
225ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3398252998961862&correlator=2685502333050327&output=ldjh&impl=fifs&eid=31060988%2C31060998%2C31061181&vrg=2021051301&ptt=17&rdp=1&sc=1&sfv=1-0-38&ecs=20210519&iu_parts=22142075243%2Circtc.co.in_cb_300x250_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=amznbid%3D2%26amznp%3D2&eri=1&cust_params=amznbid%3D0%26amznp%3D0&cdm=assistant.corover.mobi&bc=31&abxe=1&lmt=1621449549&dt=1621457215814&dlt=1621457215462&idt=158&ea=0&frm=24&biw=-12245933&bih=-12245933&oid=3&adxs=-12245933&adys=-12245933&adks=2695154674&ucis=6ohz3hixctk3&ifi=1&ifk=3320953875&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&nhd=1&url=https%3A%2F%2Fassistant.corover.mobi%2Firctc%2Fcoroversdsm%2Fcorover_cuboid_widget.html&ref=https%3A%2F%2Fwww.irctc.co.in%2F&top=https%3A%2F%2Fwww.irctc.co.in%2F&vis=1&dmc=8&scr_x=-12245933&scr_y=-12245933&psz=0x-1&msz=0x-1&ga_vid=1019233467.1621457216&ga_sid=1621457216&ga_hid=165194758&ga_fc=false&fws=768&ohw=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

79aa74d9de150ee242cbdb7d30180d71cac35123b55a919cef4f1234da47fdbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12677
x-xss-protection: 0
google-lineitem-id: 5515074143
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138342930986
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://assistant.corover.mobi
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
de8e5ee2a78a71018086a69dab62ae46.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8898 0
0 28ms
15ms Other
text/html 2a00:1450:4001:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://de8e5ee2a78a71018086a69dab62ae46.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:801::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame BB1A 0
0 88ms
87ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvmEhP6H3Qtnaq6qup4pD4uqcNAWAWdFipxigRV19ktbQZos9t40XuTWv17AO2434dabAUefRcMlqiQjVF7Leppj-fiFewk49PEOrW1N-67wIPHyjztEs2iO1YhlG8a6vhaRHa9jAhKOmtSxDmNvUyPmxEjchWF7Lm-iVePx2hFAJYZVDQo7w0fFjGEopgIjdYrjBAiDBEwt5MaSKC9r8QV7ZU1A6mvxAD6Agt-1kIBmpcUh5Hu9MIb6JXKpuE3qjtKpy47xCH87f0efpA0Jexgra-BB4I2ooXWu2zy6MINTtnTxvQHnuYRJifgosXan3hENoM&sig=Cg0ArKJSzHVO7OMCVMpFEAE&urlfix=1&adurl=

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 adpb_creative.js Show response
cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/ Frame BB1A 25 KB
9 KB 8ms
7ms Script
application/javascript 2a04:4e42:1b::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adpb_creative.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

292f24f8a4465ef95c3bec147a67791d5085a8240beff0356d3fabd0018b87e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 29696
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
content-length: 8649
etag: W/"6573-a8/qrO5JskneWxAGiHWf5V38CtE"
x-served-by: cache-fra19122-FRA, cache-hhn4049-HHN
date: Wed, 19 May 2021 20:46:55 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BB1A 118 KB
36 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 423B 73 KB
27 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 423B 11 KB
8 KB 19ms
19ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021051301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8814fe4bc278b01a362b4e0aa06913b4326335a6a5a2d1e72ee57645a154a8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8177
x-xss-protection: 0

GET
H3-29 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame BB1A 8 KB
4 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

413dbaabe884bded8ca6f791212d7089fea725e70f77e6c61f8a728910e61103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:41:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 18 May 2021 16:13:46 GMT
server: sffe
age: 304
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3774
x-xss-protection: 0
expires: Wed, 19 May 2021 21:41:51 GMT

GET
H2

200

controller
ssl.connextra.com/servlet/ Frame BB1A
Redirect Chain

https://ssl.connextra.com/Betsson/selector/image?client=Betsson&placement=DDM_APN_Betsson_PL_Casino_Impression_1x1&_cb=342014636&apnauc=3906773628412651985
https://ssl.connextra.com/servlet/controller?service=DDM_Betsson_PL_Casino_Impression_1x1&pubhost=assistant.corover.mobi&image=image%2Fgif&client=Betsson&placement=DDM_APN_Betsson_PL_Casino_Impress...

631 B
760 B

44ms
44ms

Image
image/gif

104.109.91.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssl.connextra.com/servlet/controller?service=DDM_Betsson_PL_Casino_Impression_1x1&pubhost=assistant.corover.mobi&image=image%2Fgif&client=Betsson&placement=DDM_APN_Betsson_PL_Casino_Impression_1x1&_cb=342014636&apnauc=3906773628412651985
Requested by: Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.109.91.205 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-91-205.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0859f5f9bf49348ef81d01f953d520c10a2a857961ef1bfad4a7903609889de5

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
content-length: 631
content-type: image/gif
x-served-by: vlp-cxtadsrv01.connextra.net
expires: Wed, 19 May 2021 20:47:08 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:55 GMT
vary: *
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
location: https://ssl.connextra.com:443/servlet/controller?service=DDM_Betsson_PL_Casino_Impression_1x1&pubhost=assistant.corover.mobi&image=image%2Fgif&client=Betsson&placement=DDM_APN_Betsson_PL_Casino_Impression_1x1&_cb=342014636&apnauc=3906773628412651985
expires: Wed, 19 May 2021 20:46:55 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
x-served-by: vlp-cxtadsrv13.connextra.net

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/209/ Frame BB1A 87 KB
30 KB 138ms
42ms Script
application/x-javascript 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/209/trk.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d4f87eb2fd81448ae30cbd4d65fb30d717d22e580ca7d481b8c3f7473318b7cc

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:55 GMT
Content-Encoding: gzip
Age: 46336
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 30037
X-Served-By: cache-lga21974-LGA, cache-hhn4067-HHN
Access-Control-Allow-Origin: *, *
Last-Modified: Wed, 19 May 2021 07:54:33 GMT
Server: AkamaiNetStorage
X-Timer: S1621457216.953757,VS0,VE0
ETag: "6e3cd651011131b57d34070ddf9fc80c:1621410873.256288"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Thu, 19 May 2022 07:54:38 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 1, 526881

GET
H/1.1 200
OK it
ams1-ib.adnxs.com/ Frame BB1A 0
825 B 172ms
51ms Image
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams1-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fwww.irctc.co.in%252F&e=wqT_3QK0DPBMNAYAAAMA1gAFAQi_8pWFBhDR05mbqL3pmzYY9NL9ldLYqcl3KjYJ5hN5knTNvD8R5jc0vMz9qD8ZAAAAYI9CI0Ah5jc0vMz9qD8p6BMJJNAxAAAAgOtR2D8wlviQCjiUXUCYOUgCUMqTzX1YyKySAWAAaPGTrAF4uZAFgAEBigEDVVNEkgUG8E-YAcACoAEyqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigKVAXVmKCdhJywgMTQ1MzA0MSwgMTYyMTQ1NzIxNSk7dWYoJ2knLCAyMTYzNk4dAABnAToYMjM0MTkwNkY7ACxjJywgNDQzMjc4NjRGHgAscicsIDI2MzQwODA3Oh8A9BcBkgKRBCFuMmRwNVFpX2xQVVVFTXFUelgwWUFDRElySklCTUFJNEFFQUFTSmc1VUpiNGtBcFlBR0FFYUFCd0FIZ0FnQUVBaUFFQWtBRUFtQUVBb0FFS3FBRUtzQUVBdVFIVXhkaTRzczI4UDhFQjFNWFl1TExOdkRfSkFRQUFBQUFBQVBBXzJRRUFBQUFBQUFEd1AtQUJ1WWVFQWZVQmZyNUdQcGdDQUtBQ0FiVUNBQUFBQUwwQ0FBQUFBT0FDQU9nQ0FQZ0NBSUFEQVpnREFhSUREZ2lvbk40UEVBc1lBaTBBQUFBQXVnTUpRVTFUTVRvek9UZzQ0QVBBSzRBRTJOTG1CWWdFa3RQbUJaQUVBWmdFQWNFRUFBQQGaAZAESkIBBw0BFDJBUUE4URG5ZEFBQUlnRmxCLVFCWWFNUEpnRnVNZVJGYWtGARsBARA4RC14QgEvJE1EUDEtZ193UVUBVBhBejlmSVA4LigABF9SBSgNAQAyBSgBAcBEd1AtQUY4MWZ3QlpLbDhRWDRCZkhYV0lJR0ExVlRSSWdHQkpBR0FaZ0dBS0VHTXpNBQIsNXotb0JnU3lCaVFKAUYNAQBSDQgBAQBaAQUNAQBoDQhIQUFBQzRCZ28umgKJASFkeEVmeDoVAjB5S3lTQVNBQUtBQXhNBWtgTXo1ejg2Q1VGTlV6RTZNems0T0VEQUswawFOAe0Md1AxRQEJCQEARhEYDEFBQUcdGABHHRgASB0Y9GkBSGdB2AIA4AL2h1zqAhhodHRwczovL3d3dy5pcmN0Yy5jby5pbi-AAwCIAwGQA9vHQZgDF6ADAaoDAMADrALIAwDYA4nALuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA8xOTYuMjQ3LjE4MC4xNDioBACyBA8IABABGMACIDIoADAAOAK4BADABADIBADSBA43MzIwI0FNUzE6Mzk4ONoEAggB4AQB8ATKk819iAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFlo0C-gUECAAQAIoGRHF3OUVLQzBBQUFBREFBa0NCUUVJXzdYZ0JoRDhxc0VDR0lfYjBBSWdCaWdBUVBpRjB3VkkwNWpUQlZEQUsxalVKUS4ukAYAmAYAogYPMTE5MjQjQU1TMTo0ODIwuAYAwQYAAAAAAADwP9AGqSXaBhYKEAAAAAANkgUBKBAAGADgBgHqBjp1jbQQNTI2NDdOWwQoaScsIDU1MTY2ODc2eAQ48gZKCIaMPBJEM3c2OEdDZYnwRkRBQWtDQlFFSTAtV3RCaENEX2JBQ0dLWGx0QUlnQnlnQVFOeVE4UVJJamJlREJWREFLMWpVSlEuLoAHAYgHAKAHAboHDwgAAZ8AICGTMPMXQADIB7mQBdIHDQkFugiAQUABHgzaBwYICcYsBwDqBwIIAPAH1bMT&s=1206218bf72b462ae95bbebd6046d168607607ba

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:55 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.81:80
AN-X-Request-Uuid: 6d8a5f2f-ef9d-49eb-9755-444c0f8601ef
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 impl_v72.js Show response
www.googletagservices.com/dcm/ Frame BB1A 37 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v72.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f630a191b479def3ee0f7408cfec54c5e6cad83fec65155d68ef83dcd381714

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 08:41:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 May 2021 20:34:47 GMT
server: sffe
age: 43503
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15545
x-xss-protection: 0
expires: Thu, 19 May 2022 08:41:52 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 423B 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:55 GMT

GET
H2 200 B25122414.289904035;dc_ver=72.208;dc_eid=40004001;sz=320x50;u_sd=1;gdpr=0;dc_adk=3748940712;ord=gl82bt;click=https%3A%2F%2Fams1-ib.adnxs.com%2Fclick%3F5hN5knTNvD_mNzS8zP2oPwAAAGCPQiNA5jc0vMz9qD_oE3... Show response
ad.doubleclick.net/ddm/adi/N244601.273391APPNEXUS/ Frame 5AD7 37 KB
19 KB 212ms
104ms Document
text/html 172.217.16.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N244601.273391APPNEXUS/B25122414.289904035;dc_ver=72.208;dc_eid=40004001;sz=320x50;u_sd=1;gdpr=0;dc_adk=3748940712;ord=gl82bt;click=https%3A%2F%2Fams1-ib.adnxs.com%2Fclick%3F5hN5knTNvD_mNzS8zP2oPwAAAGCPQiNA5jc0vMz9qD_oE3mSdM28P9FpZoPqpTc2dGm_IsWmknc_eaVgAAAAABY8RAGULgAAmBwAAAIAAADKSbMPSJYkAAAAAABVU0QAVVNEAEABMgDxCQAAAAABAQUCAAAAANYAqSYgyAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521dxEfxQi_lPUUEMqTzX0YyKySASAAKAAxMzMzMzMz5z86CUFNUzE6Mzk4OEDAK0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgA%2Fcca%3DNzMyMCNBTVMxOjM5ODg%3D%2Fbn%3D84025%2Fclickenc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=2,https%3A%2F%2Fwww.irctc.co.in%2F$0;xdt=1;crlt=xW3_d'_DV6;gcsr=m;osda=2;sttr=16;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v72.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f6.1e100.net

Software

cafe /

Resource Hash

b9e20cb67aca5164b559f59b7f110860d6901420c998d0a5ed229ed1fd78e79b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ad.doubleclick.net
:scheme: https
:path: /ddm/adi/N244601.273391APPNEXUS/B25122414.289904035;dc_ver=72.208;dc_eid=40004001;sz=320x50;u_sd=1;gdpr=0;dc_adk=3748940712;ord=gl82bt;click=https%3A%2F%2Fams1-ib.adnxs.com%2Fclick%3F5hN5knTNvD_mNzS8zP2oPwAAAGCPQiNA5jc0vMz9qD_oE3mSdM28P9FpZoPqpTc2dGm_IsWmknc_eaVgAAAAABY8RAGULgAAmBwAAAIAAADKSbMPSJYkAAAAAABVU0QAVVNEAEABMgDxCQAAAAABAQUCAAAAANYAqSYgyAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521dxEfxQi_lPUUEMqTzX0YyKySASAAKAAxMzMzMzMz5z86CUFNUzE6Mzk4OEDAK0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgA%2Fcca%3DNzMyMCNBTVMxOjM5ODg%3D%2Fbn%3D84025%2Fclickenc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=2,https%3A%2F%2Fwww.irctc.co.in%2F$0;xdt=1;crlt=xW3_d'_DV6;gcsr=m;osda=2;sttr=16;prcl=s
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnnBzhAMF1yJcK7lcPUCKk5m-l2pHTymKysROKp8WqnP8KbLs7pinAubFERM9U
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 19 May 2021 20:46:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 18518
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 48DC 52 KB
17 KB 140ms
45ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=11924&pub_id=1941071
Requested by: Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://assistant.corover.mobi/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=8616132402734918004; anj=dTM7k!M41.D>6NRF']wIg2In=fr*O#!@wnfH8K6pQK`!5=E<*L5?%K57^W!R5d6hF25a_g8mE9La_o#(@./3r[RFyP%nugO%v4VB%no2>*8n1r; icu=ChgIxvBxEAoYASABKAEwv_KVhQY4AUABSAEKGAjPvHYQChgBIAEoATC_8pWFBjgBQAFIARC_8pWFBhgB
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 14 May 2021 05:43:20 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 19 May 2021 20:46:55 GMT
Age: 54205
X-Served-By: cache-lga21946-LGA, cache-hhn4062-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 5, 1244300
X-Timer: S1621457216.983241,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK rd_log Show response
ams1-ib.adnxs.com/ Frame BB1A 0
825 B 133ms
65ms Script
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwww.irctc.co.in%2F&e=wqT_3QLJDvBMSQcAAAMA1gAFAQi_8pWFBhDR05mbqL3pmzYY9NL9ldLYqcl3KjYJ5hN5knTNvD8R5jc0vMz9qD8ZAAAAYI9CI0Ah5jc0vMz9qD8p6BMJJNAxAAAAgOtR2D8wlviQCjiUXUCYOUgCUMqTzX1YyKySAWAAaPGTrAF4uZAFgAEBigEDVVNEkgUG8E-YAcACoAEyqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigKVAXVmKCdhJywgMTQ1MzA0MSwgMTYyMTQ1NzIxNSk7dWYoJ2knLCAyMTYzNk4dAABnAToYMjM0MTkwNkY7ACxjJywgNDQzMjc4NjRGHgAscicsIDI2MzQwODA3Oh8A9BcBkgKRBCFuMmRwNVFpX2xQVVVFTXFUelgwWUFDRElySklCTUFJNEFFQUFTSmc1VUpiNGtBcFlBR0FFYUFCd0FIZ0FnQUVBaUFFQWtBRUFtQUVBb0FFS3FBRUtzQUVBdVFIVXhkaTRzczI4UDhFQjFNWFl1TExOdkRfSkFRQUFBQUFBQVBBXzJRRUFBQUFBQUFEd1AtQUJ1WWVFQWZVQmZyNUdQcGdDQUtBQ0FiVUNBQUFBQUwwQ0FBQUFBT0FDQU9nQ0FQZ0NBSUFEQVpnREFhSUREZ2lvbk40UEVBc1lBaTBBQUFBQXVnTUpRVTFUTVRvek9UZzQ0QVBBSzRBRTJOTG1CWWdFa3RQbUJaQUVBWmdFQWNFRUFBQQGaAZAESkIBBw0BFDJBUUE4URG5ZEFBQUlnRmxCLVFCWWFNUEpnRnVNZVJGYWtGARsBARA4RC14QgEvJE1EUDEtZ193UVUBVBhBejlmSVA4LigABF9SBSgNAQAyBSgBAcBEd1AtQUY4MWZ3QlpLbDhRWDRCZkhYV0lJR0ExVlRSSWdHQkpBR0FaZ0dBS0VHTXpNBQIsNXotb0JnU3lCaVFKAUYNAQBSDQgBAQBaAQUNAQBoDQhIQUFBQzRCZ28umgKJASFkeEVmeDoVAjB5S3lTQVNBQUtBQXhNBWtgTXo1ejg2Q1VGTlV6RTZNems0T0VEQUswawFOAe0Md1AxRQEJCQEARhEYDEFBQUcdGABHHRgASB0Y8EZIZ0HYAgDgAvaHXOoCGGh0dHBzOi8vd3d3LmlyY3RjLmNvLmluL_ICEQoGQURWX0lEEgcxNDUzMDQx8gISCgZDUEdfSUQSCHE5LPICEQoFQ1BfSUQSCHEvEPICDQoIAT0YRlJFURIBMAUQHFJFTV9VU0VSBRAADAkgGENPREUSAPIBDwFYEQ8QCwoHQ1AVDhAQCgVJTwFgCAcyMWXKAPIBIQRJTxUhOBMKD0NVU1RPTV9NT0RFTAErFADyAhoKFjIWABxMRUFGX05BTQVxCB4KGjYdAAhBU1QBPhBJRklFRAE-HBQKCFNQTElUAU0ACBHY8JqAAwCIAwGQA9vHQZgDF6ADAaoDAMADrALIAwDYA4nALuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA8xOTYuMjQ3LjE4MC4xNDioBACyBA8IABABGMACIDIoADAAOAK4BADABADIBADSBA43MzIwI0FNUzE6Mzk4ONoEAggB4AQB8ATKk819iAUBmAUAoAX______wEFGAHABQDJBQAFARTwP9IFCQkFC3QAAADYBQHgBQHwBZaNAvoFBAgAEACKBkRxdzlFS0Nlz_BGREFBa0NCUUVJXzdYZ0JoRDhxc0VDR0lfYjBBSWdCaWdBUVBpRjB3VkkwNWpUQlZEQUsxalVKUS4ukAYAmAYAogYPMTE5MjQJqiA0ODIwuAYAwQYBejAAAPA_0AapJdoGFgoQCREZASgQABgA4AYB6gY6da3JEDUyNjQ3TnAFKGknLCA1NTE2Njg3No0FNPIGSgiGjDwSRDN3NjhHOs8AQDAtV3RCaENEX2JBQ0dLWGx0Ac84eWdBUU55UThRUklqYmVELs8AKIAHAYgHAKAHAboHIZZMABgAIAAwADjzF0AAyAe5kAXSBw0pVAiAQUABHgjaBwYhTTgYAOAHAOoHAggA8AfVsxM.&s=71bfac3639032d2838314f97da7568497c7f9b88&bdref=https%3A%2F%2Fwww.irctc.co.in%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fwww.irctc.co.in%2F,https%3A%2F%2Fassistant.corover.mobi%2Firctc%2Fcoroversdsm%2F,https%3A%2F%2Fassistant.corover.mobi%2Firctc%2Fcoroversdsm%2F&

Requested by

Host: assistant.corover.mobi
URL: https://assistant.corover.mobi/irctc/coroversdsm/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:55 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.71:80
AN-X-Request-Uuid: 824e52b1-5cfd-4e2f-a142-97178074628f
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 31AB 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 19 May 2021 20:41:21 GMT
expires: Thu, 19 May 2022 20:41:21 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 334
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame 31AB 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 19334
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Thu, 19 May 2022 15:24:41 GMT

GET
DATA 200
OK truncated
/ Frame BB1A 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d5286b6ef663cd4f98b325fc60fc518fa2b0ccb6e4a0aa7e3b3b8c8a93c35d02

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK vevent
ams1-ib.adnxs.com/ Frame BB1A 0
855 B 62ms
62ms Ping
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.irctc.co.in%2F&e=wqT_3QK0DPBMNAYAAAMA1gAFAQi_8pWFBhDR05mbqL3pmzYY9NL9ldLYqcl3KjYJ5hN5knTNvD8R5jc0vMz9qD8ZAAAAYI9CI0Ah5jc0vMz9qD8p6BMJJNAxAAAAgOtR2D8wlviQCjiUXUCYOUgCUMqTzX1YyKySAWAAaPGTrAF4uZAFgAEBigEDVVNEkgUG8E-YAcACoAEyqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigKVAXVmKCdhJywgMTQ1MzA0MSwgMTYyMTQ1NzIxNSk7dWYoJ2knLCAyMTYzNk4dAABnAToYMjM0MTkwNkY7ACxjJywgNDQzMjc4NjRGHgAscicsIDI2MzQwODA3Oh8A9BcBkgKRBCFuMmRwNVFpX2xQVVVFTXFUelgwWUFDRElySklCTUFJNEFFQUFTSmc1VUpiNGtBcFlBR0FFYUFCd0FIZ0FnQUVBaUFFQWtBRUFtQUVBb0FFS3FBRUtzQUVBdVFIVXhkaTRzczI4UDhFQjFNWFl1TExOdkRfSkFRQUFBQUFBQVBBXzJRRUFBQUFBQUFEd1AtQUJ1WWVFQWZVQmZyNUdQcGdDQUtBQ0FiVUNBQUFBQUwwQ0FBQUFBT0FDQU9nQ0FQZ0NBSUFEQVpnREFhSUREZ2lvbk40UEVBc1lBaTBBQUFBQXVnTUpRVTFUTVRvek9UZzQ0QVBBSzRBRTJOTG1CWWdFa3RQbUJaQUVBWmdFQWNFRUFBQQGaAZAESkIBBw0BFDJBUUE4URG5ZEFBQUlnRmxCLVFCWWFNUEpnRnVNZVJGYWtGARsBARA4RC14QgEvJE1EUDEtZ193UVUBVBhBejlmSVA4LigABF9SBSgNAQAyBSgBAcBEd1AtQUY4MWZ3QlpLbDhRWDRCZkhYV0lJR0ExVlRSSWdHQkpBR0FaZ0dBS0VHTXpNBQIsNXotb0JnU3lCaVFKAUYNAQBSDQgBAQBaAQUNAQBoDQhIQUFBQzRCZ28umgKJASFkeEVmeDoVAjB5S3lTQVNBQUtBQXhNBWtgTXo1ejg2Q1VGTlV6RTZNems0T0VEQUswawFOAe0Md1AxRQEJCQEARhEYDEFBQUcdGABHHRgASB0Y9GkBSGdB2AIA4AL2h1zqAhhodHRwczovL3d3dy5pcmN0Yy5jby5pbi-AAwCIAwGQA9vHQZgDF6ADAaoDAMADrALIAwDYA4nALuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA8xOTYuMjQ3LjE4MC4xNDioBACyBA8IABABGMACIDIoADAAOAK4BADABADIBADSBA43MzIwI0FNUzE6Mzk4ONoEAggB4AQB8ATKk819iAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFlo0C-gUECAAQAIoGRHF3OUVLQzBBQUFBREFBa0NCUUVJXzdYZ0JoRDhxc0VDR0lfYjBBSWdCaWdBUVBpRjB3VkkwNWpUQlZEQUsxalVKUS4ukAYAmAYAogYPMTE5MjQjQU1TMTo0ODIwuAYAwQYAAAAAAADwP9AGqSXaBhYKEAAAAAANkgUBKBAAGADgBgHqBjp1jbQQNTI2NDdOWwQoaScsIDU1MTY2ODc2eAQ48gZKCIaMPBJEM3c2OEdDZYnwRkRBQWtDQlFFSTAtV3RCaENEX2JBQ0dLWGx0QUlnQnlnQVFOeVE4UVJJamJlREJWREFLMWpVSlEuLoAHAYgHAKAHAboHDwgAAZ8AICGTMPMXQADIB7mQBdIHDQkFugiAQUABHgzaBwYICcYsBwDqBwIIAPAH1bMT&s=1206218bf72b462ae95bbebd6046d168607607ba&type=nv&nvt=5&jm=1003&px=0&py=0&bw=320&bh=50&sid=3468441651089450545&vd=ct~0|rr~0&sv=209&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21249046&cid=3&cr=nv&sw=1600&sh=1200&pw=320&ph=50&ww=320&wh=48&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/209/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:56 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.155:80
AN-X-Request-Uuid: 754904bc-2791-4e17-9117-9a1211b89081
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://assistant.corover.mobi
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame BB1A 0
0 87ms
86ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstFwplmmTmbQgcE20cddc0EgxQhcCWrIINgluI7-HToYUBxJPx3PWUA4QdHAzSa6jUUA-WLf8Og9zpcFfpFgo1eLjj6k6EH9FQx-qul423ZtXrnH6Nd_aFuv2cy3SdbjxQORn5-_yq_WZOoVNRti-dG60pPsOlcJVjri2Yn_rDSqb54yF8mrusXnfoVYXu8FXoCAlH4O6yZC3-yvFQdG-WxnvR3zPdjwfn-4PSOwkUEWFyRQ-xmFjDMNNXr8m3Md4RmGb3GONNP6U1LQONSVtIudyx7JJhSWAr58ltp5OaRaFiFptOC1Ar58hZHc6SXu7mkNyafVA&sig=Cg0ArKJSzMb5dR7AimvyEAE&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 19 May 2021 20:46:56 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2C65 0
0 89ms
88ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssH2YGI1zGTTtPfNuRDW9_om-IJF65uqrALVnLN379U-0EMSNrHH2EQC-yQWmjBMWG9bBYHugB9Wy4XO8z3Ntpthqv44EgiWwO9GOBgkwo8eQYHIJdGU4DxHsJ52v4nCBhLlk1uPta1NaqxOTWtt5D48NtW5fmrH_un7ukjnBLohLOnnd51nHKldNrQlaXzNXJR_C9Ggm42pQX1foXCfaYgfOzWMx4ifx7gTfIPgVtvI1LR3VPsp3Gi5sBxgwIKvemxXf48D2DtmMkwf3LPsMCpncGrVMg_4K3eHdUaovCAn2l6QiugWl2-nqWH7qiTDIgB6Dfx&sig=Cg0ArKJSzJ6C9dxL2U6gEAE&adurl=

Requested by

Host: www.irctc.co.in
URL: https://www.irctc.co.in/nget/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame 2C65 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:39:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 426
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:39:50 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame 2C65 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:46:38 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2C65 118 KB
36 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:56 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 2C65 0
0 14ms
13ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR7IwrL71m0PTwG1SuBci2UW3mygxeFhT0D0gaAaF1EiStLpsj14P2Lt0oZXLFNgYUV8G-v
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 12420142110936866742
tpc.googlesyndication.com/simgad/ Frame 2C65 53 KB
53 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12420142110936866742

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ecc6a094d6e9c110e63a8f3289d521b1ee28515248b208f57f595154e11b9bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 14 May 2021 03:37:55 GMT
x-content-type-options: nosniff
age: 493741
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54078
x-xss-protection: 0
last-modified: Sat, 13 Mar 2021 08:28:27 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 May 2022 03:37:55 GMT

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8898 73 KB
27 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:56 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 48DC 0
753 B 49ms
49ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=11924&pub_id=1941071&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=11924&pub_id=1941071

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:56 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.57:80
AN-X-Request-Uuid: c93e4a43-5673-4c2e-b3e5-da23ff1e0f9c
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 423B 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021051301&jk=1648945033911647&bg=!BQalBkLNAAZ7hX_Ue4U7ACkAdvg8WkURKtAk9loSfjmvCs7Cqdu1Z1DhCH7sthAIwOD-Zy2KAYvsqgIAAABjUgAAAC1oAQcKAGKwVGE9oL4sDfKtGWfRYwFp5gfYL-b3HRk2csGw53w86wHPUSe5s5DjacAXNeSku3_O0XZpisRiGCshbZ7-sZyBg4isDvLfJJbONZNL5lQm3mE9U9Ha6wAUhSQghk5WK_rrI5kCZjLg08A7qjyfMSCF40wq7nL64HJ9fx0DsiyeScbOo5dmtad-75IoTnx9YYIhYfcA5V3VAxUyJsQXyNOheSJVYG1QP_YpcuWlY-JikY5R6Ba2X0sDzn66N5xakyQWlCppedEPHH80yvDGBLA5bAEk84BlLyKyRYtBYLEXzocKdyzvspuYBMLG68eYhHepc112M1p_1MiWhduNqJLPnqaf5OGJfyPFHQMwWczmU8x7XMtU_AbzWhNxwlBmxIOIBSyx1O_Uyn-aMvn4PBtwNGRgN4DYDV8lc_7zSjSc-P6hNFCCAyy3VLdIuPt0W432NfN0ngYqKDVPL0GHw3XotTjYTg82RZtDyK3X7Wv8bfM2Lh9d4Dlz4-IvdzApuejT3-ZYtcfWlBJdlAAbs2gXKGJMi3stOAJm_7KizUhcbjsJ_MMCq28yey1fYIIjbsrh36C_Pcstc6nY73zDddM_V63F26SmIOgTx6eC227aRoB6Benz0TKV5hAM82Iy8iPJrJC3LqmgF3fBgWe_LshHHhDh4s8O13Fkj6Dd_lPXDrZuRu0-L-jHTATDPclj-dFP-cQhZRK5BBuKDsiO7WPm_0aPAREJFvCrlEBST7qFYy5zYDu7TI5-PkO_yRDjKXdEr7uGcNmTsnliWCe_eruEchWd455u5g6XGE7ICWJJlKGX4nGAcxc6nH0VrDtEBxZ9vtEch5Uza570wRA-TOcyy6zoTZVkNo-U93yUkfoDsbbk_4ke0ednSEMemzX1y9rJh7Mr58bxSg3vQMQHvMDdBkJg7kxvrzICr46g1Xeb6yg2aKtwEEvZQUsz

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 2C65 0
0 108ms
108ms Fetch
image/gif 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstKgi1E-QOYKIerjmdxOvaig9pA5UnJou2L1Chnntgv4_zmuEhAJNBtM7a3oozGtOV6EG3bX7XbiiGmCERb4u9uDvsttkCeZcMCUPuP9LQvDDtjwVXCtLCJeqfzss8D7g14vRvrHrSTIn1CmSu962eBkcKbIj09a9eTlbALe3MjQ7BofMr42jxv7z-RLCZ9wqXIBq6xtMP-z8n7yByIkuN-n2u1mvzDuc1ijBXyYvjidoHjRqVQCCROrTiB0-olu40Tvqw_V9fnnb4bgrD_ntbiKlhVnzXS6BOeOlb6hTziOFR35m66KSkVxBp9SFM5eOAmck_CLBk&sig=Cg0ArKJSzKaaugNdOCavEAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 19 May 2021 20:46:56 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/elements/html/ Frame 5AD7 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N244601.273391APPNEXUS/B25122414.289904035;dc_ver=72.208;dc_eid=40004001;sz=320x50;u_sd=1;gdpr=0;dc_adk=3748940712;ord=gl82bt;click=https%3A%2F%2Fams1-ib.adnxs.com%2Fclick%3F5hN5knTNvD_mNzS8zP2oPwAAAGCPQiNA5jc0vMz9qD_oE3mSdM28P9FpZoPqpTc2dGm_IsWmknc_eaVgAAAAABY8RAGULgAAmBwAAAIAAADKSbMPSJYkAAAAAABVU0QAVVNEAEABMgDxCQAAAAABAQUCAAAAANYAqSYgyAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521dxEfxQi_lPUUEMqTzX0YyKySASAAKAAxMzMzMzMz5z86CUFNUzE6Mzk4OEDAK0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgA%2Fcca%3DNzMyMCNBTVMxOjM5ODg%3D%2Fbn%3D84025%2Fclickenc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=2,https%3A%2F%2Fwww.irctc.co.in%2F$0;xdt=1;crlt=xW3_d'_DV6;gcsr=m;osda=2;sttr=16;prcl=s

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:43:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 223
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 20:43:13 GMT

GET
H3-29 200 express_html_inpage_rendering_lib_200_271.js Show response
s0.2mdn.net/879366/ Frame 5AD7 111 KB
38 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://ad.doubleclick.net
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 21:49:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 82621
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39287
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 18:02:50 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 May 2021 21:49:55 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 5AD7 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:21:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19554
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 15:21:02 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 681D 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 19 May 2021 15:21:02 GMT
expires: Thu, 19 May 2022 15:21:02 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 19554
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 8898 10 KB
8 KB 58ms
57ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021051301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4c4be9efcd39de6ed3a5498332175149304ee037adeee3e14d6ec51a87cc1d97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7704
x-xss-protection: 0

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5AD7 118 KB
36 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:56 GMT

GET
H3-29 200 BE-PL-320x50-AbsolootlyMad-DJ-NDC.html Show response
s0.2mdn.net/5270879/1590075266923/ Frame 66B6 6 KB
2 KB 49ms
6ms Document
text/html 2a00:1450:4001:82f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/5270879/1590075266923/BE-PL-320x50-AbsolootlyMad-DJ-NDC.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_271.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bff0f98aff70baf392bd5b7bd43e6588eea24ea7de3b9b81ffc845fe5f5a535

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /5270879/1590075266923/BE-PL-320x50-AbsolootlyMad-DJ-NDC.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 2003
date: Wed, 19 May 2021 20:25:01 GMT
expires: Thu, 20 May 2021 20:25:01 GMT
last-modified: Thu, 21 May 2020 15:34:26 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 1315
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5AD7 0
23 B 162ms
96ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstmnTEVKBstaxOvxHYNN-JMlT7Zvf6KxaoK8ChLokGOwIzx_jA9jlAs-Eo3XsHuuhkZ3SgC_uSyBTtP8j0mWX2vtNb3IGAemSEBz5P3cZMUtvKvtPpE68mIxyjTZENhEcrM8qpz9ToCyZbuA4QJerfLeOWScPWQ5ozxGBU&sig=Cg0ArKJSzFR0etziOJ1JEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=37&cbvp=1&cstd=35&cisv=r20210517.58601&adurl=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

impression_pixel
t.myvisualiq.net/ul_cb/ Frame 5AD7
Redirect Chain

https://t.myvisualiq.net/impression_pixel?pt=i&r=3921905879&et=i&ago=212&ao=788&advt=5270879&pi=289904035&ad=484369460&si=6474184&aca=25122414&ci=132661128&chnl=-7&sz=1833&vndr=115
https://t.myvisualiq.net/ul_cb/impression_pixel?pt=i&r=3921905879&et=i&ago=212&ao=788&advt=5270879&pi=289904035&ad=484369460&si=6474184&aca=25122414&ci=132661128&chnl=-7&sz=1833&vndr=115

43 B
577 B

45ms
44ms

Image
image/gif

18.196.210.39
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.myvisualiq.net/ul_cb/impression_pixel?pt=i&r=3921905879&et=i&ago=212&ao=788&advt=5270879&pi=289904035&ad=484369460&si=6474184&aca=25122414&ci=132661128&chnl=-7&sz=1833&vndr=115
Requested by: Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N244601.273391APPNEXUS/B25122414.289904035;dc_ver=72.208;dc_eid=40004001;sz=320x50;u_sd=1;gdpr=0;dc_adk=3748940712;ord=gl82bt;click=https%3A%2F%2Fams1-ib.adnxs.com%2Fclick%3F5hN5knTNvD_mNzS8zP2oPwAAAGCPQiNA5jc0vMz9qD_oE3mSdM28P9FpZoPqpTc2dGm_IsWmknc_eaVgAAAAABY8RAGULgAAmBwAAAIAAADKSbMPSJYkAAAAAABVU0QAVVNEAEABMgDxCQAAAAABAQUCAAAAANYAqSYgyAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521dxEfxQi_lPUUEMqTzX0YyKySASAAKAAxMzMzMzMz5z86CUFNUzE6Mzk4OEDAK0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgA%2Fcca%3DNzMyMCNBTVMxOjM5ODg%3D%2Fbn%3D84025%2Fclickenc%3D;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=2,https%3A%2F%2Fwww.irctc.co.in%2F$0;xdt=1;crlt=xW3_d'_DV6;gcsr=m;osda=2;sttr=16;prcl=s
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.210.39 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-210-39.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 20:46:56 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://t.myvisualiq.net/ul_cb/impression_pixel?pt=i&r=3921905879&et=i&ago=212&ao=788&advt=5270879&pi=289904035&ad=484369460&si=6474184&aca=25122414&ci=132661128&chnl=-7&sz=1833&vndr=115
Date: Wed, 19 May 2021 20:46:56 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 8898 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 19 May 2021 20:46:56 GMT

GET
H3-29 200 0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js Show response
pagead2.googlesyndication.com/bg/ Frame 681D 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/0eWRs9v2owYuE6yDy88utlgh72O1yDgkHmBZb7_hHjI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1e591b3dbf6a3062e13ac83cbcf2eb65821ef63b5c838241e60596fbfe11e32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 16:54:27 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 13949
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5773
x-xss-protection: 0
expires: Thu, 19 May 2022 16:54:27 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 935F 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 19 May 2021 20:41:21 GMT
expires: Thu, 19 May 2022 20:41:21 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 335
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5AD7 0
23 B 118ms
95ms Ping
image/gif 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 20:46:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame 935F 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 19335
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Thu, 19 May 2022 15:24:41 GMT

GET
H2 200 index.html Show response
host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/ Frame 2C78 76 KB
76 KB 86ms
27ms Document
text/html 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/5270879/1590075266923/BE-PL-320x50-AbsolootlyMad-DJ-NDC.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: dc96f70617608f71da10b3f4fa624a98a8543279c75ea9541e68c810201e4822

Request headers

:method: GET
:authority: host.adcropper.com
:scheme: https
:path: /BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s0.2mdn.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://s0.2mdn.net/

Response headers

x-guploader-uploadid: ABg5-Uyt0BZ16mKvEhNxgYBRgZwUh9nqaXWBimk8kQHbrS-ycH-hXAapGL2EIff5aUwvljOdW5hRJ74ii1IE1w7oqnw
expires: Wed, 19 May 2021 21:33:30 GMT
date: Wed, 19 May 2021 20:33:30 GMT
last-modified: Thu, 21 May 2020 13:55:07 GMT
etag: "e559442942d6d3dbae2beae2aa5fee5b"
x-goog-generation: 1590069307371136
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 77656
content-type: text/html
x-goog-hash: crc32c=r33KlQ== md5=5VlEKULW09uuK+riql/uWw==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 77656
access-control-allow-origin: *
server: UploadServer
age: 806
cache-control: public, max-age=3600
alt-svc: clear

GET
H3-29 200 css
fonts.googleapis.com/ Frame 2C78 1023 B
426 B 23ms
21ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Asap:regular

Requested by

Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4833ea19effcc4e63b391362c9fd83b5ba806692ade5412def93a492c32aee6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://host.adcropper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 May 2021 19:50:22 GMT
server: ESF
date: Wed, 19 May 2021 20:46:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 May 2021 20:46:56 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 423B 80 KB
26 KB 86ms
41ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
content-encoding: gzip
last-modified: Mon, 17 May 2021 11:49:37 GMT
server: nginx
etag: W/"60a25851-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 20 May 2021 20:46:56 GMT

GET
H2 200 dynamicJP-pl-AbsolootlyMad.js Show response
host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/ Frame 2C78 5 KB
5 KB 26ms
26ms Script
application/x-javascript 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/dynamicJP-pl-AbsolootlyMad.js
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 89dcc9961029d31f98e1fc5863a0918776b221a51c95d2adf4d4c4fdb056b3e4

Request headers

Referer: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:56:27 GMT
age: 3029
x-guploader-uploadid: ABg5-Ux1PEC5iV3J1lJhMtggFiwd83Dtyw_X5ka_-co19uAmnqiCHYELt8AAj6J93mkYqXiUWMnF1yhCN7IYjDdkZbQEerUGCA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 5295
last-modified: Wed, 12 May 2021 14:47:57 GMT
server: UploadServer
etag: "232572cbd7eae4788446a55dece0fa5d"
x-goog-hash: crc32c=ZcoYVQ==, md5=IyVyy9fq5HiERqVd7OD6XQ==
x-goog-generation: 1620830877829034
access-control-allow-origin: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 5295
accept-ranges: bytes
content-type: application/x-javascript
expires: Wed, 19 May 2021 20:56:27 GMT

GET
H2 200 320x50.jpg
host.adcropper.com/BetssonGroup/Betsson/BE-SE-DynamicJackpot/AbsolootlyMad/video/Poster/ Frame 2C78 15 KB
15 KB 27ms
27ms Image
image/jpeg 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/BE-SE-DynamicJackpot/AbsolootlyMad/video/Poster/320x50.jpg
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: eca8ad1e88fee72245cbbf5eb69f30be15a4132694e4eeb85bfb0986d56d6e75

Request headers

Referer: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:16:00 GMT
age: 1856
x-guploader-uploadid: ABg5-Uxd4DRaBMhVTu01CYp-icTzHBqRl7gcJ2rJqlveLJi6ZKEix8uhMwZ7m3mfs5E4cW0VW9j-7Q9mcbNscDqUnWc
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 15176
last-modified: Sat, 09 May 2020 12:59:07 GMT
server: UploadServer
etag: "9d11a3b7d05e6f7511cf5c561278de8e"
x-goog-hash: crc32c=Q+Vj8g==, md5=nRGjt9Beb3URz1xWEnjejg==
x-goog-generation: 1589029147467712
access-control-allow-origin: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 15176
accept-ranges: bytes
content-type: image/jpeg
expires: Wed, 19 May 2021 21:16:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 681D 0
20 B 47ms
47ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bd9E7QHmlYPto0I-AB8jnnPgFAAAAADgB4AQC&bg=!ZWalZiLNAAZ7hX_Ue4U7ACkAdvg8WmGMlEkHGOUyA-G_TdF0SbNmEkceo3aKBKwNbOIAx5tXTbA0agIAAACVUgAAACZoAQcKAEF7OVFJzVEaWSng06USycvbwqZtgZBAZFAOQKX6oHFJdsiEm7uQCuC1UIrUY2kHbmvJanf7U3OoZXR8I_bRzcid85kCn3dxj1hug-l1fH01c_5sE0CthAHz6rmVs8uUa7wyq3E-f2RxbZR8C2OQviNlUqm-CqxND1Azbz3Xbog2eeXqMnOfyscBctk9wrjwNbEd_orVfn6eQXzEzon1CBdWOAxGTeXjGlvMSzt7gv3zQBdqYIR73sYj2_CNykXvRJlMQCBvWIo05oF0Qbmg2Jwmrkn0rIVaXVZj2CmEetFojxg3uv7BjDKwpzAKeYhhJJ7qZ3lMOoPgFs1EslEqPCyOu24P6v6HtcGlD-uy_Er5O-3BT1iPO7dAHYAqju2k-9sq44i6-iJ9h02DfuMoqCq6IzPsrgnBr12K6FWlJw6hSU3vcVP_ko02rPE7GyQbkI8d_dgpP_Ee6_8R1rjRu78sr10oivtUsfYo8eZiviTL6zzTI1iSwa_1WxJM0pTjT27nlAyHg4a0SdO8Dam6jj0CCeqT7ESgbhlO7b7SU5p7nPSvpqQ7CZ7ghMChgQjSh51Klw5BCDl5ARexVTnsOzbMqoS_FV9zVn3l9UiYKf2sxJKXJ8LdwmV5DknX4j3f7wKXYgJ7gyZSuKyXrkK-5dp8RwyPBuEx_V7r81NjdzixM59AtllDKtZoYSDEF2TvH2Mhj7OWn6jrjl4RvD1vmMQtsmijPEBD-a2ruZAq72iwLoMSGMK93QY4y9rBItnnqFm6imKA6E_PECn57_ME7aUPaexDkv98th7w3P2_xxgCQ-he7z4ItqUr2OjLSuCjswXgkeq68Zo4Lcj50xWj9GsXTmE6XPBxph6-f_H0TrssuORF7MipGi_srDl0ccFitUaXhtbDaCPrxR5pkvMYk5Q5_WcexuFwCfXlcxwrXycx_z46JFuwE-i0GA94DXhci-C4n2LjdtlcTPD1kZXVD6SYivTI

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 null
host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/ Frame 2C78 127 B
127 B 57ms
56ms Image
application/xml 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/null
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: bde9c2949e64d059c18d8f93566a64dafc6d2e8e259a70322fb804831dfd0b5b

Request headers

Referer: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
server: UploadServer
x-guploader-uploadid: ABg5-Uxe7DymjliJWA_kcBWiranrj6Qx6Sa28cMiw_plSwvhlPyUnkifehYADzhGXjfSWTJ1tXOPBd9b_IpoBjjiUHYXkzk3hg
content-type: application/xml; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=0
alt-svc: clear
content-length: 127
expires: Wed, 19 May 2021 20:46:56 GMT

GET
H2 200 GT-Walsheim-Bold.woff
host.adcropper.com/BetssonGroup/Betsson/assets/ Frame 2C78 69 KB
70 KB 26ms
26ms Font
application/font-woff 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/assets/GT-Walsheim-Bold.woff
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 4509ef735b369f8d697d500602850f0599474136b5c801391c47266aa524d4e4

Request headers

Origin: https://host.adcropper.com
Referer: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:50:52 GMT
age: 3364
x-guploader-uploadid: ABg5-UyiCvsjnSgZuPIY_6YDHKlBi3drrb4hY7smYN8YdZCH6spcUlZoVcGPtKpX7ws9SqsmZ0f4CHlyxAJ9TvhbeZo
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 70936
last-modified: Tue, 12 Mar 2019 09:36:22 GMT
server: UploadServer
etag: "bbbbd06700b744720fefeddbefa04ed2"
x-goog-hash: crc32c=6oajxw==, md5=u7vQZwC3RHIP7+3b76BO0g==
x-goog-generation: 1552383382361788
access-control-allow-origin: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 70936
accept-ranges: bytes
content-type: application/font-woff
expires: Wed, 19 May 2021 20:50:52 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8898 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021051301&jk=3398252998961862&bg=!VValVhLNAAZ7hX_Ue4U7ACkAdvg8Wrr0IP_a-iYFy7FZt4M1_l6M8BDtHwbHxHzOTir7UW1gIghsCQIAAACTUgAAABBoAQcKATEWoPTjcWFFRTGdRyssKuW_4Z5eRQAEWEtIMbg1jOiqjpnTNR4vsDzhBiZFT-NOLs3E9EC-bbxDeAFJwD0LU36wzFY7kW7jaBdac3GdXfVA5YunXrLESKbpjJlghDTgB1Dhh8XnemFYAUBQDAv0mq5KqOiMd0UD-hPrHPkOItZjuV1iXqmMw5b7KhlGRkTB2xoqG5B3Zbj2XOgSw2gJWocg2MlWg4M9fxJZLcyMQmaCSl-PfAb21GantDbdm5DOFJDZV6WLRfCe7n7eMf7Ucr2avNzZpwsKebT85MA1TNlQT5f8sw1ORE_lkru-lLTD8tQhSprjLZJmcxH8XpPbVRTTPgEKW8yngtvcXicilHIv5X3uTlpHFN4nmo8-KgyD9Qu4Hd_a8q5E7KVdHAsRW4s99ZkCWoLeCXG1woFGVbGvhXoOtNikPjRE_c6kUihhd6LpBP7ciPOnNbsARXyWc0yPOyW8eCgrFXIB97PrRB7iJYl17VghxiyKqg1ZM4dFFVQi8JDOiEb_ivskcZZzT1xT9No7npFm0AOlwtzcc-KayWe5cvrfi7U2JgOaMX2bKMbqIU5NXwwXKji65suh_m4Ukh_chZRJPc7U5YWp9YwQO7Nc9kJy2Jn20mvPP7ttk_DdecC9KDiqwpqQxczFHJvq4jAfzcinfA5LvA5F5dEJszX7c1z9Xe1hdexenT-2lesqgyWx6epfx1hdwCBDmtTx7dsgAN5kKBeOu-jp1Xe8-kWoFU7TOL6as80AzmoWFCqDFdAvoXS1xCSmpJS6jU3ppw5Qb6fPuoiEm7KiGMki4t5PaTmzCFXQxsEkHYuTbYryaARODJVJSToaX8texaFkqUbM3n8Fx-8qxhPXuhsWZ8fFcNZCwl-tKQUnfUmJ_1EbbDWvjby29BXQ1pH4AztT8sZE4tQls8Petse_aAUStmMa2KF1XJ3h0AfBY-fNOCtP_VTQgE0BxW-ppxHGPVKXxIj6O0C2zJwjmJaUp-EA_ZrIs_eyP2zV4rB4QIb2i76pOZXlfd7XoUss6eOieqCIO88xd8vHnjztukdLnFcjUszEhXv-aTudRGg3dbVZB1FqOl22Y4u8Al1UlgfbQ0J9sqdFjXYqbvBN7jRumftFVvO-KjAgfayja1ebrCn_J6inKDurzbJ3xURXW5hJR6owHHYz7qLCjluglh1ee-DtK3xuOU416gW3U7ME80oS

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 betsson-logo-white.svg
host.adcropper.com/BetssonGroup/Betsson/assets/ Frame 2C78 2 KB
3 KB 27ms
26ms Image
image/svg+xml 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/assets/betsson-logo-white.svg
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 2c6bc7986ddb2f4200fd8746008e1e7508da10d14c4546309b0ab6535c9b719b

Request headers

Referer: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:59:03 GMT
age: 2873
x-guploader-uploadid: ABg5-UzUyAtgt9rt60l9T6kDaTZOddDsRFVo3fIdjrm_v0DDu33GlRDVr9nGakyJk3VbypfhxjDruwRTEGcn7MEqdqg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 2439
last-modified: Tue, 12 Mar 2019 09:36:16 GMT
server: UploadServer
etag: "7557cb22fe31eaef97a79c6fa8d0a058"
x-goog-hash: crc32c=bHvi0A==, md5=dVfLIv4x6u+Xp5xvqNCgWA==
x-goog-generation: 1552383376379429
access-control-allow-origin: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 2439
accept-ranges: bytes
content-type: image/svg+xml
expires: Wed, 19 May 2021 20:59:03 GMT

GET
H2 200 bottom.svg
host.adcropper.com/BetssonGroup/Betsson/assets/ Frame 2C78 556 B
843 B 28ms
27ms Image
image/svg+xml 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/assets/bottom.svg
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: beb6d0da5eb35e3aa66d51f9b5185a3f97784cb777c205ae50fe314abf27136a

Request headers

Referer: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:33:03 GMT
age: 833
x-guploader-uploadid: ABg5-UweBlS1u3tLtuvUOQsOrOuRUagZahnjlARz36MC93wpvuEHqpN4HiucuOy0Gdh02gtzlVLV8vBV32iopY9uIMMktnkxbw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 556
last-modified: Tue, 12 Mar 2019 09:39:01 GMT
server: UploadServer
etag: "6d302986e6828cd8b10e57d3b8c49122"
x-goog-hash: crc32c=u7Uf/w==, md5=bTAphuaCjNixDlfTuMSRIg==
x-goog-generation: 1552383541926841
access-control-allow-origin: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 556
accept-ranges: bytes
content-type: image/svg+xml
expires: Wed, 19 May 2021 21:33:03 GMT

GET
H2 200 top.svg
host.adcropper.com/BetssonGroup/Betsson/assets/ Frame 2C78 574 B
854 B 27ms
26ms Image
image/svg+xml 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/assets/top.svg
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: bb13b63631f53fbc96eed6a88d58ae5ff695ec556aa6581d1de71eaa3e56260a

Request headers

Referer: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:40:27 GMT
age: 389
x-guploader-uploadid: ABg5-UyAK4yRF_lJLIkVjAyQrhHXtQli45qMGmT1JZhDpRHZXxYKJfTQUik9M-wh_w0JiNzZd3DlLE3fOJ3Lv4AU6nE
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 574
last-modified: Tue, 12 Mar 2019 09:39:02 GMT
server: UploadServer
etag: "d5718375ea0fa455412d250d39945bb4"
x-goog-hash: crc32c=rvdXFA==, md5=1XGDdeoPpFVBLSUNOZRbtA==
x-goog-generation: 1552383542100326
access-control-allow-origin: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 574
accept-ranges: bytes
content-type: image/svg+xml
expires: Wed, 19 May 2021 21:40:27 GMT

GET
H2 206 320x50.mp4
host.adcropper.com/BetssonGroup/Betsson/BE-SE-DynamicJackpot/AbsolootlyMad/video/ Frame 2C78 35 KB
35 KB 26ms
26ms Media
video/mp4 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://host.adcropper.com/BetssonGroup/Betsson/BE-SE-DynamicJackpot/AbsolootlyMad/video/320x50.mp4
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 0b81d076e8b22b1b2c5cc98c3412c156ec5aecd2852c4290f879cbf22decaf1f

Request headers

Referer: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Wed, 19 May 2021 20:36:11 GMT
age: 645
x-guploader-uploadid: ABg5-UyLG3zR0TBFtNlQoyMDK4xj79psx44TZ_-CNbMTY3EI92zVpdWvnLojVA2eZUAf6Jk5Iv0_KQHUqBd4xQdo373dSZC7pw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
Content-Length: 35797
Content-Range: bytes 0-35796/35797
last-modified: Mon, 11 May 2020 16:36:35 GMT
server: UploadServer
etag: "f788f755b8b6465ddaeac72238755775"
x-goog-hash: crc32c=nB2LtA==, md5=94j3Vbi2Rl3a6sciOHVXdQ==
x-goog-generation: 1589214995063528
access-control-allow-origin: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 35797
accept-ranges: bytes
content-type: video/mp4
expires: Wed, 19 May 2021 21:36:11 GMT

GET
DATA 200
OK truncated
/ Frame 2C78 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 absolootly-mad-mega-moolah Show response
api.adcropper.com/jackpot/betsson//po/ Frame 2C78 11 B
127 B 115ms
61ms Fetch
application/json 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.adcropper.com/jackpot/betsson//po/absolootly-mad-mega-moolah
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/dynamicJP-pl-AbsolootlyMad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 7b83d36c2baf82aa1cbc6d50979798b83f66c1225b998900a6a2fcb16062cf15

Request headers

Referer: https://host.adcropper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:56 GMT
via: 1.1 google
server: nginx/1.14.0 (Ubuntu)
alt-svc: clear
content-length: 11
content-type: application/json

GET
H2 200 trackb.gif
api.adcropper.com/track/ Frame 2C78 35 B
138 B 92ms
91ms Image
image/gif 35.201.99.35
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.adcropper.com/track/trackb.gif?&adID=5ec1be641537312411cd4679&creativeID=5ec1befa1537312411cd467f&size=320x50&mode=imp&inputDevice=desktop&1621457216531
Requested by: Host: host.adcropper.com
URL: https://host.adcropper.com/BetssonGroup/Betsson/DynamicJackpot/Betsson/PL/AbsolootlyMad/320x50/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.99.35 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 35.99.201.35.bc.googleusercontent.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://host.adcropper.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
via: 1.1 google
server: nginx/1.14.0 (Ubuntu)
cache-control: public,max-age=3600
alt-svc: clear
content-length: 35
content-type: image/gif

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame FD46 0
326 B 67ms
22ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.irctc.co.in

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=www.irctc.co.in
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1511
set-cookie: uid=af05fa2f-bc00-483b-894f-c23073102639; expires=Thu, 19 May 2022 20:46:55 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Wed, 19 May 2021 20:46:55 GMT
content-length: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 423B 80 KB
26 KB 77ms
31ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:56 GMT
content-encoding: gzip
last-modified: Mon, 17 May 2021 11:49:37 GMT
server: nginx
etag: W/"60a25851-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 20 May 2021 20:46:56 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BB1A 42 B
501 B 64ms
45ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssed-UrG4YMlfHoioQYo7EJ-t7_Rk5fK3BbsaiHXGkXaYuCHIb-15t1JQyAvaAKm8OZQDqWphVK78ww8wQ27jg5GtFSTbYvOpfKsHBb3Ho&sig=Cg0ArKJSzFsDFx4tDT56EAE&id=lidar2&mcvt=1000&p=0,0,50,320&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=19&adk=3461485115&rs=4&met=ie&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&rst=1621457215826&dlt=0&rpt=199&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK vevent
ams1-ib.adnxs.com/ Frame BB1A 0
699 B 57ms
57ms Ping
text/html 185.33.223.178
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.irctc.co.in%2F&e=wqT_3QK0DPBMNAYAAAMA1gAFAQi_8pWFBhDR05mbqL3pmzYY9NL9ldLYqcl3KjYJ5hN5knTNvD8R5jc0vMz9qD8ZAAAAYI9CI0Ah5jc0vMz9qD8p6BMJJNAxAAAAgOtR2D8wlviQCjiUXUCYOUgCUMqTzX1YyKySAWAAaPGTrAF4uZAFgAEBigEDVVNEkgUG8E-YAcACoAEyqAEBsAEAuAEBwAEFyAEC0AEA2AEA4AEA8AEAigKVAXVmKCdhJywgMTQ1MzA0MSwgMTYyMTQ1NzIxNSk7dWYoJ2knLCAyMTYzNk4dAABnAToYMjM0MTkwNkY7ACxjJywgNDQzMjc4NjRGHgAscicsIDI2MzQwODA3Oh8A9BcBkgKRBCFuMmRwNVFpX2xQVVVFTXFUelgwWUFDRElySklCTUFJNEFFQUFTSmc1VUpiNGtBcFlBR0FFYUFCd0FIZ0FnQUVBaUFFQWtBRUFtQUVBb0FFS3FBRUtzQUVBdVFIVXhkaTRzczI4UDhFQjFNWFl1TExOdkRfSkFRQUFBQUFBQVBBXzJRRUFBQUFBQUFEd1AtQUJ1WWVFQWZVQmZyNUdQcGdDQUtBQ0FiVUNBQUFBQUwwQ0FBQUFBT0FDQU9nQ0FQZ0NBSUFEQVpnREFhSUREZ2lvbk40UEVBc1lBaTBBQUFBQXVnTUpRVTFUTVRvek9UZzQ0QVBBSzRBRTJOTG1CWWdFa3RQbUJaQUVBWmdFQWNFRUFBQQGaAZAESkIBBw0BFDJBUUE4URG5ZEFBQUlnRmxCLVFCWWFNUEpnRnVNZVJGYWtGARsBARA4RC14QgEvJE1EUDEtZ193UVUBVBhBejlmSVA4LigABF9SBSgNAQAyBSgBAcBEd1AtQUY4MWZ3QlpLbDhRWDRCZkhYV0lJR0ExVlRSSWdHQkpBR0FaZ0dBS0VHTXpNBQIsNXotb0JnU3lCaVFKAUYNAQBSDQgBAQBaAQUNAQBoDQhIQUFBQzRCZ28umgKJASFkeEVmeDoVAjB5S3lTQVNBQUtBQXhNBWtgTXo1ejg2Q1VGTlV6RTZNems0T0VEQUswawFOAe0Md1AxRQEJCQEARhEYDEFBQUcdGABHHRgASB0Y9GkBSGdB2AIA4AL2h1zqAhhodHRwczovL3d3dy5pcmN0Yy5jby5pbi-AAwCIAwGQA9vHQZgDF6ADAaoDAMADrALIAwDYA4nALuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBA8xOTYuMjQ3LjE4MC4xNDioBACyBA8IABABGMACIDIoADAAOAK4BADABADIBADSBA43MzIwI0FNUzE6Mzk4ONoEAggB4AQB8ATKk819iAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFlo0C-gUECAAQAIoGRHF3OUVLQzBBQUFBREFBa0NCUUVJXzdYZ0JoRDhxc0VDR0lfYjBBSWdCaWdBUVBpRjB3VkkwNWpUQlZEQUsxalVKUS4ukAYAmAYAogYPMTE5MjQjQU1TMTo0ODIwuAYAwQYAAAAAAADwP9AGqSXaBhYKEAAAAAANkgUBKBAAGADgBgHqBjp1jbQQNTI2NDdOWwQoaScsIDU1MTY2ODc2eAQ48gZKCIaMPBJEM3c2OEdDZYnwRkRBQWtDQlFFSTAtV3RCaENEX2JBQ0dLWGx0QUlnQnlnQVFOeVE4UVJJamJlREJWREFLMWpVSlEuLoAHAYgHAKAHAboHDwgAAZ8AICGTMPMXQADIB7mQBdIHDQkFugiAQUABHgzaBwYICcYsBwDqBwIIAPAH1bMT&s=1206218bf72b462ae95bbebd6046d168607607ba&type=pv&jm=1003&px=0&py=0&bw=320&bh=50&sf=0.96&sid=3468441651089450545&vd=ct~0|rr~5&sv=209&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21249046&cid=3&cr=nv&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/209/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.178 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

824.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:57 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 824.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.60:80
AN-X-Request-Uuid: 4c3a3ace-8d2a-4153-b84b-50c122b1ef19
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://assistant.corover.mobi
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
ib.adnxs.com/ Frame 48DC
Redirect Chain

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=11924&pub_id=1941071&gdpr=0
https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels%26seller_id%3D11924%26pub_id%3D1941071%26gdpr%3D0

0
825 B

55ms
55ms

Script
text/html

185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels%26seller_id%3D11924%26pub_id%3D1941071%26gdpr%3D0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:57 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.45:80
AN-X-Request-Uuid: 9fe4683b-00c8-47ac-9b4c-6999d656856b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:57 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.41:80
AN-X-Request-Uuid: e12aeaed-0bc2-49f2-a053-0e4a3c9716ad
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fasync_usersync%3Fcbfn%3DqueuePixels%26seller_id%3D11924%26pub_id%3D1941071%26gdpr%3D0
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5AD7 42 B
64 B 46ms
45ms Fetch
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvfyxQstYNT4-sfn4DmwUZ_IYeQhsbKN9bcVz70UJHn-oZUO8GlZGrPEVeOanjFbMbSlqMJFebQNqK9CX0-NS-yrw&sig=Cg0ArKJSzAVHdACjF0KxEAE&id=lidar2&mcvt=1000&p=0,0,50,320&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&app=0&itpl=34&adk=3748940712&rs=6&met=mue&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 0082 3 KB
1 KB 66ms
66ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1621457215647

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

dc5d59a0349ad0786364da25af6d8778a5f1c301742ceead9ab2b8280af82826

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?cb=1621457215647
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=ciU9L5MKKufNGUtzUkkjUbNZagYiU9lsPoO602HIFJY; path=/; expires=Fri, 19 May 2023 20:46:58; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame A463 38 KB
14 KB 148ms
54ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

server: Apache/2.2.15 (CentOS)
last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52292
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:46:58 GMT
vary: Accept-Encoding

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 68AB 5 KB
2 KB 38ms
7ms Document
text/html 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54568136bcc231af9aa7f765a5593f06ed6396388015f4959ef7952f5fafc1ac

Request headers

:method: GET
:authority: public.servenobid.com
:scheme: https
:path: /sync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

cache-control: max-age=86400
content-type: text/html
content-encoding: br
last-modified: Fri, 14 May 2021 20:22:43 GMT
accept-ranges: bytes
etag: "2f086b9f0d5c2806f4c1be77954d8244"
server: AmazonS3
x-cache: TCP_HIT
x-amz-id-2: VVh/0ZwNRy3m/M6hF6AVjT4sQGmffpSAA+0rztg2YhUni0qgSpdeVOw9BBXHIFnblMost5go1r4=
x-amz-request-id: 060BSB6M4G13WFKH
x-azure-ref-originshield: 00J2kYAAAAABDWFDRMBYfTaRpIvJL+6SVTE9OMjFFREdFMDExOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref: 0QnmlYAAAAABYqWsx3UinTolPaYNhpXLeRlJBRURHRTEwMTUAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
date: Wed, 19 May 2021 20:46:58 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 72C9 38 KB
14 KB 171ms
78ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

server: Apache/2.2.15 (CentOS)
last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52292
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:46:58 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E17F 52 KB
17 KB 42ms
42ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://assistant.corover.mobi/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=7479704688393846363
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 14 May 2021 05:43:20 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 19 May 2021 20:46:58 GMT
Age: 54208
X-Served-By: cache-lga21946-LGA, cache-hhn4062-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 5, 1244340
X-Timer: S1621457219.684975,VS0,VE0
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E329 52 KB
17 KB 93ms
42ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://assistant.corover.mobi/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=7479704688393846363
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 14 May 2021 05:43:20 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 19 May 2021 20:46:58 GMT
Age: 54208
X-Served-By: cache-lga21946-LGA, cache-hhn4062-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 5, 1244342
X-Timer: S1621457219.736578,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 426A 5 KB
2 KB 35ms
8ms Document
text/html 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54568136bcc231af9aa7f765a5593f06ed6396388015f4959ef7952f5fafc1ac

Request headers

:method: GET
:authority: public.servenobid.com
:scheme: https
:path: /sync.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

cache-control: max-age=86400
content-type: text/html
content-encoding: br
last-modified: Fri, 14 May 2021 20:22:43 GMT
accept-ranges: bytes
etag: "2f086b9f0d5c2806f4c1be77954d8244"
server: AmazonS3
x-cache: TCP_HIT
x-amz-id-2: VVh/0ZwNRy3m/M6hF6AVjT4sQGmffpSAA+0rztg2YhUni0qgSpdeVOw9BBXHIFnblMost5go1r4=
x-amz-request-id: 060BSB6M4G13WFKH
x-azure-ref-originshield: 00J2kYAAAAABDWFDRMBYfTaRpIvJL+6SVTE9OMjFFREdFMDExOQA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref: 0QnmlYAAAAACb/cn1NyJiSKxbaZC/CQ9ERlJBRURHRTEwMTUAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
date: Wed, 19 May 2021 20:46:58 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 13B4 3 KB
1 KB 43ms
43ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1621457215714

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

d91aa6317b695abf60eef9b5621cd8345a28f04d3d4aedc985c431d9c972e699

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?cb=1621457215714
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8; path=/; expires=Fri, 19 May 2023 20:46:58; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H2

200

/
onetag-sys.com/match/ Frame 423B
Redirect Chain

https://onetag-sys.com/usync/?tag=img
https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Donetag%26bsw_param%3D5cfeef4b-723b-40de-9192-57e1824db111...
https://x.bidswitch.net/sync?dsp_id=80&user_id=e90060a5-7942-4900-b282-6ef7eae0799b&expires=30&ssp=onetag&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

0
291 B

45ms
44ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 19 May 2021 20:46:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame C7C4 4 KB
2 KB 194ms
62ms Document
text/html 52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a5c8ae3c191fb12089d3acbb0f46aba46cc3421ef524fa5d8f09b09b205de39c

Request headers

:method: GET
:authority: g2.gumgum.com
:scheme: https
:path: /usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://public.servenobid.com/

Response headers

date: Wed, 19 May 2021 20:46:58 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25; Domain=.gumgum.com; Expires=Thu, 19-May-2022 20:46:58 GMT; Path=/; Secure; SameSite=None
etag: W/"07d97521ba35851e935e9b2ffba7a2a6a"
timing-allow-origin: *
content-encoding: gzip

GET
H2 204 ps
pixel.33across.com/ Frame E2A7 0
0 416ms
135ms Document
text/plain 67.202.110.23
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-110.static.steadfastdns.net
Software: 33XP003 /
Resource Hash

Request headers

:method: GET
:authority: pixel.33across.com
:scheme: https
:path: /ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://public.servenobid.com/

Response headers

x-33x-status: 2000208
server: 33XP003
date: Wed, 19 May 2021 20:46:58 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 8DC7 3 KB
1 KB 50ms
45ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

1432a1af38e51bd8215b6becea2de244dd142d5dec579f0c85a7b83534422780

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: OTP=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://public.servenobid.com/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vUM8yadnD5PMXR5XgJ97XczkmEbid1kIW9sLHZyZlCw; path=/; expires=Fri, 19 May 2023 20:46:58; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame 8059 965 B
1 KB 168ms
53ms Document
text/html 185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 72967c142241eb0efc02f6c9127e49adf998161a1dd347a306902f76ab062057

Request headers

Host: ssbsync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://public.servenobid.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://public.servenobid.com/

Response headers

date: Wed, 19 May 2021 20:46:58 GMT
content-type: text/html
content-length: 965
set-cookie: pid=3168481547214380716; expires=Sun, 19 Jun 2022 20:45:58 GMT; domain=smartadserver.com; path=/; samesite=None; secure; samesite=none

GET
H2

200

sync
ads.servenobid.com/ Frame 68AB
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=7479704688393846363

0
287 B

64ms
63ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=7479704688393846363
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:58 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.85:80
AN-X-Request-Uuid: 590c5239-a46c-4b11-8efe-5d160c47a33d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=7479704688393846363
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 68AB
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID&sovrn_retry=true
https://ads.servenobid.com/sync?pid=310&uid=832af292f51fc3a334b7eea0

0
289 B

62ms
62ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=832af292f51fc3a334b7eea0
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Server: nginx
Location: https://ads.servenobid.com/sync?pid=310&uid=832af292f51fc3a334b7eea0
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 68AB
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1541946518
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1541946518
https://sync.1rx.io/usersync/tradedesk/3f521d63-e746-4606-ae3e-d8a522b908b6
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

35 B
237 B

67ms
66ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
date: Wed, 19 May 2021 20:46:59 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXe5e66d42c860459784d299d59423e3d2003
content-type: text/html

GET
H2

200

sync
ads.servenobid.com/ Frame 68AB
Redirect Chain

https://jadserve.postrelease.com/suid/101954?ntv_r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D322%26uid%3DNTV_USER_ID
https://ads.servenobid.com/sync?pid=322&uid=5e37c22a-83dd-40db-a111-34b90f4af36b

0
298 B

111ms
111ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=322&uid=5e37c22a-83dd-40db-a111-34b90f4af36b
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:59 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
server: nginx/1.12.1
location: https://ads.servenobid.com/sync?pid=322&uid=5e37c22a-83dd-40db-a111-34b90f4af36b
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 68AB
Redirect Chain

https://cs.admanmedia.com/sync/durationmedia?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D328%26uid%3D%7B%24UID%7D
https://ads.servenobid.com/sync?pid=328&uid=4a168fe7b768136390ea25ea33722c54c4605def

0
301 B

62ms
62ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=328&uid=4a168fe7b768136390ea25ea33722c54c4605def
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:59 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

Location: https://ads.servenobid.com/sync?pid=328&uid=4a168fe7b768136390ea25ea33722c54c4605def
Date: Wed, 19 May 2021 20:46:59 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET
H2

200

sync
ads.servenobid.com/ Frame 68AB
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=875739026914915596

0
286 B

62ms
62ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=875739026914915596
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=875739026914915596
Date: Wed, 19 May 2021 20:46:58 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

sync
ads.servenobid.com/ Frame 426A
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=7479704688393846363

0
287 B

62ms
62ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=7479704688393846363
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:58 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.183:80
AN-X-Request-Uuid: 4475d3a1-943e-494c-ad06-9f2df4881fa5
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=7479704688393846363
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 426A
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID&sovrn_retry=true
https://ads.servenobid.com/sync?pid=310&uid=ac801304dfe726eef5f62dcf

0
289 B

62ms
62ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=ac801304dfe726eef5f62dcf
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Server: nginx
Location: https://ads.servenobid.com/sync?pid=310&uid=ac801304dfe726eef5f62dcf
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 4334 4 KB
2 KB 186ms
62ms Document
text/html 52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: d6995e199872a82d2fbdb8e629dc7cd2eb60c5669edac13c17838bef3e96a34b

Request headers

:method: GET
:authority: g2.gumgum.com
:scheme: https
:path: /usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://public.servenobid.com/

Response headers

date: Wed, 19 May 2021 20:46:58 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_7d91ccf3-113a-4ba6-9245-caf1d3d1c5db; Domain=.gumgum.com; Expires=Thu, 19-May-2022 20:46:58 GMT; Path=/; Secure; SameSite=None
etag: W/"0d8f30a87eea58b1664753258f12bf033"
timing-allow-origin: *
content-encoding: gzip

GET
H2 204 ps
pixel.33across.com/ Frame 3ECD 0
0 410ms
135ms Document
text/plain 67.202.110.23
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-110.static.steadfastdns.net
Software: 33XP002 /
Resource Hash

Request headers

:method: GET
:authority: pixel.33across.com
:scheme: https
:path: /ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://public.servenobid.com/

Response headers

x-33x-status: 2000208
server: 33XP002
date: Wed, 19 May 2021 20:46:58 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame D21A 3 KB
1 KB 44ms
43ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

1432a1af38e51bd8215b6becea2de244dd142d5dec579f0c85a7b83534422780

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: OTP=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://public.servenobid.com/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw; path=/; expires=Fri, 19 May 2023 20:46:58; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame 0B9F 965 B
1 KB 163ms
54ms Document
text/html 185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 9bc59ba16b8150e9bf32f1efb2e11630357c6aa1338190751be4d22442d500b2

Request headers

Host: ssbsync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://public.servenobid.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://public.servenobid.com/

Response headers

date: Wed, 19 May 2021 20:46:57 GMT
content-type: text/html
content-length: 965
set-cookie: pid=2896210908757352161; expires=Sun, 19 Jun 2022 20:45:58 GMT; domain=smartadserver.com; path=/; samesite=None; secure; samesite=none

GET
H2

200

usersync
rtb.gumgum.com/ Frame 426A
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8283248301
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8283248301
https://sync.1rx.io/usersync/tradedesk/66e902c2-976d-47a5-abe9-c33bcadfcea7
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

35 B
237 B

67ms
66ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
date: Wed, 19 May 2021 20:46:59 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXe5e66d42c860459784d299d59423e3d2003
content-type: text/html

GET
H2

200

sync
ads.servenobid.com/ Frame 426A
Redirect Chain

https://jadserve.postrelease.com/suid/101954?ntv_r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D322%26uid%3DNTV_USER_ID
https://ads.servenobid.com/sync?pid=322&uid=f7f23556-4750-496d-9083-672ec4cc7d2c

0
298 B

62ms
61ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=322&uid=f7f23556-4750-496d-9083-672ec4cc7d2c
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:59 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
server: nginx/1.12.1
location: https://ads.servenobid.com/sync?pid=322&uid=f7f23556-4750-496d-9083-672ec4cc7d2c
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 426A
Redirect Chain

https://cs.admanmedia.com/sync/durationmedia?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D328%26uid%3D%7B%24UID%7D
https://ads.servenobid.com/sync?pid=328&uid=4a168fe7b768136390ea25ea33722c54c4605def

0
301 B

64ms
64ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=328&uid=4a168fe7b768136390ea25ea33722c54c4605def
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:59 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

Location: https://ads.servenobid.com/sync?pid=328&uid=4a168fe7b768136390ea25ea33722c54c4605def
Date: Wed, 19 May 2021 20:46:59 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked

GET
H2

200

sync
ads.servenobid.com/ Frame 426A
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=1871597495218669069

0
286 B

62ms
61ms

Image
image/avif

52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=1871597495218669069
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=1871597495218669069
Date: Wed, 19 May 2021 20:46:58 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E17F 0
754 B 60ms
60ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:58 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.102:80
AN-X-Request-Uuid: f4eec1d4-537c-4291-ad60-7cb7bfb227b8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

e90060a5-7942-4900-b282-6ef7eae0799b
onetag-sys.com/sync/i,1/ Frame 13B4
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/e90060a5-7942-4900-b282-6ef7eae0799b

0
290 B

45ms
44ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/e90060a5-7942-4900-b282-6ef7eae0799b

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215714

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Server: MT3 3736 915c305 master zrh-pixel-x9
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/e90060a5-7942-4900-b282-6ef7eae0799b
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 20:46:57 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 13B4 0
239 B 177ms
45ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215714
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

200

7552509207361088343
onetag-sys.com/sync/i,34/ Frame 13B4
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
https://onetag-sys.com/sync/i,34/7552509207361088343

0
290 B

49ms
44ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/7552509207361088343

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215714

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/7552509207361088343
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 13B4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc=
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

0
290 B

42ms
42ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215714

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 13B4 0
239 B 178ms
44ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215714
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2 204 sync
pixel.advertising.com/ups/58198/ Frame 13B4 0
124 B 149ms
44ms Image
text/plain 52.28.254.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215714

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.28.254.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-28-254-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:58 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame 13B4
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

43 B
375 B

42ms
42ms

Image
image/gif

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215714

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

/
onetag-sys.com/match/ Frame 13B4
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=onetag&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111&google_hm=NWNmZWVmNGItNzIzYi00MGRlLTkxOTItNTdlMTgyNGRiMTEx
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEK_TbwnPJRcbJfZF-NQ-_1s&google_cver=1&ssp=onetag&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

0
291 B

44ms
44ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215714

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 19 May 2021 20:46:58 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

e9fd60a5-7942-4600-8db3-772b93dc7fc7
onetag-sys.com/sync/i,1/ Frame 0082
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/e9fd60a5-7942-4600-8db3-772b93dc7fc7

0
290 B

43ms
42ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/e9fd60a5-7942-4600-8db3-772b93dc7fc7

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215647

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Server: MT3 3736 915c305 master zrh-pixel-x25
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/e9fd60a5-7942-4600-8db3-772b93dc7fc7
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 20:46:57 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 0082 0
239 B 171ms
42ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215647
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 0082
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc=
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESELr84Fpp-YscrTyuDUYR_ps&google_cver=1

0
290 B

43ms
42ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESELr84Fpp-YscrTyuDUYR_ps&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215647

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESELr84Fpp-YscrTyuDUYR_ps&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 sync
pixel.advertising.com/ups/58198/ Frame 0082 0
125 B 141ms
43ms Image
text/plain 52.28.254.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215647

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.28.254.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-28-254-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:58 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame 0082
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

43 B
375 B

44ms
43ms

Image
image/gif

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215647

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

/
onetag-sys.com/match/ Frame 0082
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=onetag&ssp_user_id=5cfeef4b-723b-40de-9192-57e1824db111
https://x.bidswitch.net/sync?dsp_id=74&&user_id=180896394&expires=5&ssp=onetag
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

0
291 B

43ms
43ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215647

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 19 May 2021 20:46:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

9155501502506257739
onetag-sys.com/sync/i,34/ Frame 0082
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=ciU9L5MKKufNGUtzUkkjUbNZagYiU9lsPoO602HIFJY
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=ciU9L5MKKufNGUtzUkkjUbNZagYiU9lsPoO602HIFJY
https://onetag-sys.com/sync/i,34/9155501502506257739

0
290 B

50ms
45ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/9155501502506257739

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215647

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/9155501502506257739
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 0082 0
239 B 213ms
42ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=ciU9L5MKKufNGUtzUkkjUbNZagYiU9lsPoO602HIFJY
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215647
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E329 0
753 B 61ms
61ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:58 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.45:80
AN-X-Request-Uuid: 353d608b-95cd-4dcd-93fb-03b85ba77235
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 8898
Redirect Chain

https://onetag-sys.com/usync/?tag=img
https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://prod.perf-serving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://prod.perf-serving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://x.bidswitch.net/sync?dsp_id=366&expires=14&user_id=bc756333-79ac-40e2-94dc-fbe6f1361c55&ssp=onetag&user_group=1
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

0
291 B

43ms
43ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://assistant.corover.mobi/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 19 May 2021 20:47:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 2542 52 KB
17 KB 42ms
42ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://assistant.corover.mobi/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=7479704688393846363
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 14 May 2021 05:43:20 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 19 May 2021 20:46:58 GMT
Age: 54208
X-Served-By: cache-lga21946-LGA, cache-hhn4062-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 5, 1244343
X-Timer: S1621457219.799524,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 1CAB 38 KB
14 KB 65ms
65ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

server: Apache/2.2.15 (CentOS)
last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52292
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:46:58 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 665A 52 KB
17 KB 42ms
42ms Document
text/html 151.101.113.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://assistant.corover.mobi/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid2=7479704688393846363
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Fri, 14 May 2021 05:43:20 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Wed, 19 May 2021 20:46:58 GMT
Age: 54207
X-Served-By: cache-lga21946-LGA, cache-hhn4074-HHN
X-Cache: HIT, HIT
X-Cache-Hits: 5, 1247918
X-Timer: S1621457219.802354,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 9E5A 3 KB
1 KB 43ms
43ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1621457215715

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

ccddc829527de4dc6824cc73b29e967fc460a156a6add5f8020c61f1b860874e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?cb=1621457215715
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: OTP=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=f4UHl8SnD5UkNITSZhjihl-HtMRT4M5yLOtrFr9o7pA; path=/; expires=Fri, 19 May 2023 20:46:58; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 4D15 3 KB
1 KB 44ms
44ms Document
text/html 51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1621457215698

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

ccddc829527de4dc6824cc73b29e967fc460a156a6add5f8020c61f1b860874e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?cb=1621457215698
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: OTP=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=6g3dA0vTBH283B3lVLSjIkqX81ZbvEZTPy_s8jwfaa8; path=/; expires=Fri, 19 May 2023 20:46:58; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 5714 38 KB
14 KB 83ms
83ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/unib0ts/unibots@latest/main/script/adScript.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://assistant.corover.mobi/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://assistant.corover.mobi/

Response headers

server: Apache/2.2.15 (CentOS)
last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52292
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:46:58 GMT
vary: Accept-Encoding

GET
H2

200

170860a5-7942-4600-8a40-f340b76e0754
onetag-sys.com/sync/i,1/ Frame 8DC7
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/170860a5-7942-4600-8a40-f340b76e0754

0
290 B

50ms
46ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/170860a5-7942-4600-8a40-f340b76e0754

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Server: MT3 3736 915c305 master zrh-pixel-x30
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/170860a5-7942-4600-8a40-f340b76e0754
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 20:46:57 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 8DC7 0
239 B 173ms
43ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

200

8822065448440333580
onetag-sys.com/sync/i,34/ Frame 8DC7
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
https://onetag-sys.com/sync/i,34/8822065448440333580

0
290 B

49ms
45ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/8822065448440333580

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/8822065448440333580
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 8DC7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc=
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

0
290 B

43ms
43ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 8DC7 0
239 B 216ms
42ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

200

/
onetag-sys.com/match/ Frame 8DC7
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Donetag%26expires%3D30%26user_group%3D%24%7...
https://ads.betweendigital.com/match?bidder_id=43092&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Donetag%26expires%3D30%26user_group%3D%24%7...
https://x.bidswitch.net/sync?dsp_id=429&user_id=414ed594-de90-528b-a80a-b9cdc8afc088&ssp=onetag&expires=30&user_group=1
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

0
291 B

49ms
49ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 19 May 2021 20:47:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

y-z3jBxClE2uGreJQIwSWGsokfwFkmZDgz~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e
onetag-sys.com/sync/i,39/ Frame 8DC7
Redirect Chain

https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UP5afe8a81-b8e3-11eb-8c51-02086762126e
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UP5afe8a81-b8e3-11eb-8c51-02086762126e&verify=true
https://onetag-sys.com/sync/i,39/y-z3jBxClE2uGreJQIwSWGsokfwFkmZDgz~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e

0
290 B

50ms
50ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,39/y-z3jBxClE2uGreJQIwSWGsokfwFkmZDgz~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 19 May 2021 20:47:00 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://onetag-sys.com/sync/i,39/y-z3jBxClE2uGreJQIwSWGsokfwFkmZDgz~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e
Connection: keep-alive
Content-Length: 0

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame 8DC7
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

43 B
375 B

43ms
43ms

Image
image/gif

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2 200 sync
ads.servenobid.com/ Frame 8DC7 0
307 B 62ms
61ms Image
image/avif 52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=318&uid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

GET
H2

200

697460a5-7942-4b00-812a-621aae1939bd
onetag-sys.com/sync/i,1/ Frame D21A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/697460a5-7942-4b00-812a-621aae1939bd

0
290 B

50ms
46ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/697460a5-7942-4b00-812a-621aae1939bd

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Server: MT3 3736 915c305 master zrh-pixel-x24
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/697460a5-7942-4b00-812a-621aae1939bd
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 20:46:57 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame D21A 0
239 B 171ms
43ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

200

3440549415465493157
onetag-sys.com/sync/i,34/ Frame D21A
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
https://onetag-sys.com/sync/i,34/3440549415465493157

0
290 B

49ms
45ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/3440549415465493157

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/3440549415465493157
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame D21A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm=&no_r=1&google_tc=
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

0
290 B

43ms
43ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEExOLVMOrG1v24HOLX4Zh5A&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame D21A 0
239 B 258ms
44ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

200

y-BP80LBhE2uFfooPp5y0Qe82wFzdq3EIZ~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e
onetag-sys.com/sync/i,39/ Frame D21A
Redirect Chain

https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UP5afe8a81-b8e3-11eb-8c51-02086762126e
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=0&gdpr_consent=&redir=true&apid=UP5afe8a81-b8e3-11eb-8c51-02086762126e&verify=true
https://onetag-sys.com/sync/i,39/y-BP80LBhE2uFfooPp5y0Qe82wFzdq3EIZ~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e

0
290 B

45ms
44ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,39/y-BP80LBhE2uFfooPp5y0Qe82wFzdq3EIZ~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 19 May 2021 20:47:00 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://onetag-sys.com/sync/i,39/y-BP80LBhE2uFfooPp5y0Qe82wFzdq3EIZ~A~UP5afe8a81-b8e3-11eb-8c51-02086762126e
Connection: keep-alive
Content-Length: 0

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame D21A
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

43 B
375 B

43ms
42ms

Image
image/gif

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

/
onetag-sys.com/match/ Frame D21A
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=onetag
https://x.bidswitch.net/sync?dsp_id=70&user_id=2142492005603680179&ssp=onetag
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

0
291 B

53ms
53ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 19 May 2021 20:47:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame D21A 0
307 B 64ms
64ms Image
image/avif 52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=318&uid=ifuxXBA645eL4ZPBHXucrau7p9Tnx8438tQDz7hwBd8
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1---&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

GET
H2

200

fa6160a5-7942-4900-9e7a-554b9daa8059
onetag-sys.com/sync/i,1/ Frame 9E5A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/fa6160a5-7942-4900-9e7a-554b9daa8059

0
290 B

46ms
46ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/fa6160a5-7942-4900-9e7a-554b9daa8059

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215715

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Server: MT3 3736 915c305 master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/fa6160a5-7942-4900-9e7a-554b9daa8059
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 20:46:57 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 9E5A 0
239 B 170ms
43ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215715
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 9E5A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEOU4G2gM2LeUYoVuAJad3IM&google_cver=1

0
290 B

43ms
43ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEOU4G2gM2LeUYoVuAJad3IM&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215715

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEOU4G2gM2LeUYoVuAJad3IM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 sync
pixel.advertising.com/ups/58198/ Frame 9E5A 0
124 B 54ms
44ms Image
text/plain 52.28.254.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215715

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.28.254.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-28-254-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:58 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame 9E5A
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

43 B
375 B

44ms
44ms

Image
image/gif

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215715

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=66e902c2-976d-47a5-abe9-c33bcadfcea7&ttl=1624049219
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

/
onetag-sys.com/match/ Frame 9E5A
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Donetag%26bsw_param%3D5cfeef4b-723b-40de-9192-57e1824db111...
https://x.bidswitch.net/sync?dsp_id=80&user_id=697460a5-7942-4b00-812a-621aae1939bd&expires=30&ssp=onetag&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

0
291 B

44ms
43ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215715

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 19 May 2021 20:46:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

5042875902258604398
onetag-sys.com/sync/i,34/ Frame 9E5A
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw
https://onetag-sys.com/sync/i,34/5042875902258604398

0
290 B

48ms
45ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/5042875902258604398

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215715

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/5042875902258604398
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 9E5A 0
239 B 258ms
44ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215715
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

200

186260a5-7942-4d00-bbcb-2a0ec7d5f926
onetag-sys.com/sync/i,1/ Frame 4D15
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/186260a5-7942-4d00-bbcb-2a0ec7d5f926

0
290 B

43ms
43ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/186260a5-7942-4d00-bbcb-2a0ec7d5f926

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215698

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Server: MT3 3736 915c305 master zrh-pixel-x29
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/186260a5-7942-4d00-bbcb-2a0ec7d5f926
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 20:46:57 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 4D15 0
239 B 164ms
42ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215698
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2

200

6579650495194658645
onetag-sys.com/sync/i,34/ Frame 4D15
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw
https://onetag-sys.com/sync/i,34/6579650495194658645

0
290 B

49ms
46ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/6579650495194658645

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215698

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/6579650495194658645
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame 4D15
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEPRe9B73WWYp9BJdUG33LWY&google_cver=1

0
290 B

42ms
42ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEPRe9B73WWYp9BJdUG33LWY&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215698

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:58 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEPRe9B73WWYp9BJdUG33LWY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 4D15 0
239 B 297ms
42ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=vxHYtZ938R3hW5I5JoGhHloJ9jSX188C6b7uOFgzcWw
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215698
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6f9fd0201ed801884e5299d5aabca094
Content-Type: image/gif

GET
H2 204 sync
pixel.advertising.com/ups/58198/ Frame 4D15 0
124 B 50ms
46ms Image
text/plain 52.28.254.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215698

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.28.254.214 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-28-254-214.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:58 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame 4D15
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

43 B
375 B

44ms
43ms

Image
image/gif

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215698

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=3f521d63-e746-4606-ae3e-d8a522b908b6&ttl=1624049219
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

/
onetag-sys.com/match/ Frame 4D15
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://prod.perf-serving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://prod.perf-serving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://x.bidswitch.net/sync?dsp_id=366&expires=14&user_id=760001bf-14d1-4d32-b621-ce96c6a7d499&ssp=onetag&user_group=1
https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

0
291 B

42ms
42ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?cb=1621457215698

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=5cfeef4b-723b-40de-9192-57e1824db111&gdpr=&gdpr_consent=&us_privacy=
date: Wed, 19 May 2021 20:47:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2542 0
753 B 69ms
67ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:58 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.48:80
AN-X-Request-Uuid: 22d7701d-9273-4600-8b64-ec75603bb21e
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A463 4 KB
4 KB 164ms
59ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=54679837&p=159448&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 2f6547e86603102883b023902f44795c64b35b9254317ed8be9cc35f47097f07

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:58 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 665A 0
754 B 51ms
50ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:58 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.154:80
AN-X-Request-Uuid: ff6c9f32-8d08-4172-8384-f79dcf8c34c8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 sync
ads.servenobid.com/ Frame 8059 0
286 B 64ms
61ms Image
image/avif 52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=3168481547214380716&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 8059
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D22%26buid%3DYOUR_USER_ID
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=22&buid=5453823890142117016

0
75 B

63ms
63ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=22&buid=5453823890142117016
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:00 GMT
content-length: 0

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:01 GMT
server: nginx
location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=22&buid=5453823890142117016
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 8059
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D86%26buid%3D$UID
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=86&buid=7479704688393846363

0
75 B

54ms
54ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=86&buid=7479704688393846363
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:47:01 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.167:80
AN-X-Request-Uuid: a4648547-5ef1-4fbf-b6fb-bfe5851b679a
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=86&buid=7479704688393846363
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 8059
Redirect Chain

https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D66%26buid%3D%7Bamob_user_id%7D
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=66&buid=063f220400caa70d0d1a6570

0
75 B

161ms
53ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=66&buid=063f220400caa70d0d1a6570
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:04 GMT
content-length: 0

Redirect headers

Location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=66&buid=063f220400caa70d0d1a6570
Date: Wed, 19 May 2021 20:47:04 GMT
Access-Control-Allow-Credentials: true
X-Powered-By: Express
Content-Length: 0
Vary: Origin

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 8059
Redirect Chain

https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gd...
https://eu-u.openx.net/w/1.0/cm?cc=1&id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0...
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=100&buid=ab1e7290-038f-0458-09b2-e18fa3ddc3d8

0
75 B

53ms
53ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=100&buid=ab1e7290-038f-0458-09b2-e18fa3ddc3d8
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:00 GMT
content-length: 0

Redirect headers

date: Wed, 19 May 2021 20:47:01 GMT
content-encoding: gzip
server: OXGW/16.207.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=100&buid=ab1e7290-038f-0458-09b2-e18fa3ddc3d8
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2 200 sync
ads.servenobid.com/ Frame 0B9F 0
286 B 64ms
61ms Image
image/avif 52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=2896210908757352161&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:58 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 0B9F
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=10&sspurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D22%26buid%3DYOUR_USER_ID
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=22&buid=7212106822793907025

0
75 B

59ms
59ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=22&buid=7212106822793907025
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:00 GMT
content-length: 0

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:01 GMT
server: nginx
location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=22&buid=7212106822793907025
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 0B9F
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D86%26buid%3D$UID
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=86&buid=7479704688393846363

0
75 B

64ms
55ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=86&buid=7479704688393846363
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:47:01 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.38:80
AN-X-Request-Uuid: b9cde7de-059f-4dc6-8a5a-595236fd46ce
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=86&buid=7479704688393846363
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 0B9F
Redirect Chain

https://sync.adotmob.com/cookie/smart?r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D%26partnerid%3D66%26buid%3D%7Bamob_user_id%7D
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=66&buid=063f2204003899af0e3c9359

0
75 B

157ms
53ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=66&buid=063f2204003899af0e3c9359
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:04 GMT
content-length: 0

Redirect headers

Location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=66&buid=063f2204003899af0e3c9359
Date: Wed, 19 May 2021 20:47:04 GMT
Access-Control-Allow-Credentials: true
X-Powered-By: Express
Content-Length: 0
Vary: Origin

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 0B9F
Redirect Chain

https://eu-u.openx.net/w/1.0/cm?id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gd...
https://eu-u.openx.net/w/1.0/cm?cc=1&id=a547219b-814b-4e3e-8a4f-35c044fa1891&ph=ec81d0b7-c42e-4a42-b97a-9305af647d30&r=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0...
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=100&buid=ab1e7290-038f-0458-09b2-e18fa3ddc3d8

0
75 B

75ms
53ms

Image
text/plain

185.86.137.122
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=100&buid=ab1e7290-038f-0458-09b2-e18fa3ddc3d8
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1---&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:00 GMT
content-length: 0

Redirect headers

date: Wed, 19 May 2021 20:47:01 GMT
content-encoding: gzip
server: OXGW/16.207.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=&partnerid=100&buid=ab1e7290-038f-0458-09b2-e18fa3ddc3d8
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=7479704688393846363

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=7479704688393846363
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:01 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:47:01 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.73:80
AN-X-Request-Uuid: ef531f5d-2034-422c-bd90-2a8fcb213bc3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=7479704688393846363
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_7d91ccf3-113a-4ba6-9245-caf1d3d1c5db&gdpr=0&gdpr_consent=&us_privacy=1---
https://p.rfihub.com/cm?in=1&pub=20513&ssp=gumgum2
https://x.bidswitch.net/sync?dsp_id=119&user_id=1871597495218669069&expires=30&ssp=gumgum2
https://rtb.gumgum.com/usersync?b=bsw&i=5cfeef4b-723b-40de-9192-57e1824db111

35 B
237 B

67ms
66ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=5cfeef4b-723b-40de-9192-57e1824db111
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: //rtb.gumgum.com/usersync?b=bsw&i=5cfeef4b-723b-40de-9192-57e1824db111
date: Wed, 19 May 2021 20:46:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28cbayAP1k69V_R_mp3c9UxcqwRZy_Xc0UxZv9FgZheV0YJVjZ3ZVZ6gcM0EQ3BwJT%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...

35 B
237 B

63ms
63ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=obn&i=ENC%28cbayAP1k69V_R_mp3c9UxcqwRZy_Xc0UxZv9FgZheV0YJVjZ3ZVZ6gcM0EQ3BwJT%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28cbayAP1k69V_R_mp3c9UxcqwRZy_Xc0UxZv9FgZheV0YJVjZ3ZVZ6gcM0EQ3BwJT%29
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:04 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=obn&i=ENC%28cbayAP1k69V_R_mp3c9UxcqwRZy_Xc0UxZv9FgZheV0YJVjZ3ZVZ6gcM0EQ3BwJT%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28cbayAP1k69V_R_mp3c9UxcqwRZy_Xc0UxZv9FgZheV0YJVjZ3ZVZ6gcM0EQ3BwJT%29
Date: Wed, 19 May 2021 20:47:04 GMT
Connection: close
X-TraceId: 6fd8de96f84fa2914404f9ebd65069d1
Content-Length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=6ab331ba-8fa9-47eb-9308-871c43d40c46

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=6ab331ba-8fa9-47eb-9308-871c43d40c46
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Wed, 19 May 2021 20:46:59 GMT
content-encoding: gzip
server: OXGW/16.207.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=6ab331ba-8fa9-47eb-9308-871c43d40c46
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=sta&i=0-492c8f51-4a31-4894-5f67-11c4904e7c39$ip$196.247.180.148

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sta&i=0-492c8f51-4a31-4894-5f67-11c4904e7c39$ip$196.247.180.148
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:03 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=sta&i=0-492c8f51-4a31-4894-5f67-11c4904e7c39$ip$196.247.180.148
Date: Wed, 19 May 2021 20:47:03 GMT
Connection: keep-alive
Content-Length: 124
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-7BskspZE2pdxMWXEsEV7ns.dfBAqexGnyBvd~A

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-7BskspZE2pdxMWXEsEV7ns.dfBAqexGnyBvd~A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Wed, 19 May 2021 20:46:58 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-7BskspZE2pdxMWXEsEV7ns.dfBAqexGnyBvd~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
https://rtb.gumgum.com/usersync?b=vnt&i=5d908055-b8e3-11eb-bbb3-6fc354e27b3b

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=5d908055-b8e3-11eb-bbb3-6fc354e27b3b
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:03 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=5d908055-b8e3-11eb-bbb3-6fc354e27b3b
Date: Wed, 19 May 2021 20:47:02 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 5d908056-b8e3-11eb-bbb3-6fc354e27b3b

GET
H2 204 services
sync.technoratimedia.com/ Frame 4334 0
293 B 5919ms
134ms Image
text/plain 193.122.130.38
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 193.122.130.38 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:04 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 217220998
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame 4334 0
39 B 6532ms
153ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:04 GMT
content-length: 0
server: b

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_7d91ccf3-113a-4ba6-9245-caf1d3d1c5db&gdpr=0&gdpr_consent=&us_privacy=1---
https://stags.bluekai.com/site/23178?id=Q3XbYZ4c42OMAwibqtu9&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2UJTLBRFSWRUMM2DET2NIF3WSYTROR2TSJTVONPXA...
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Q3XbYZ4c42OMAwibqtu9&us_privacy=1---

35 B
237 B

63ms
63ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Q3XbYZ4c42OMAwibqtu9&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:06 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:47:06 GMT
P3p: CP="We do not support P3P header."
Location: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=Q3XbYZ4c42OMAwibqtu9&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 118
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=f9029040-fe85-4749-8983-3fe6c009a583

35 B
237 B

63ms
63ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=f9029040-fe85-4749-8983-3fe6c009a583
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:05 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=f9029040-fe85-4749-8983-3fe6c009a583
date: Wed, 19 May 2021 20:47:05 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
sync.targeting.unrulymedia.com/csync/ Frame 4334
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6389767606
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6389767606
https://sync.1rx.io/usersync/tradedesk/a7d8e4f0-f248-4b00-b186-73db41d41199
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

43 B
395 B

66ms
45ms

Image
image/gif

213.19.147.45
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.45 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
server: Tengine
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location: https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
cache-control: no-store, no-cache, must-revalidate
server: Tengine
content-type: text/html
expires: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 4334
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=RwzxRmVe7rho&ev=1&pid=558355

35 B
237 B

69ms
69ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=RwzxRmVe7rho&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:01 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=RwzxRmVe7rho&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-686fd4fb4c-g94hc
expires: -1

GET
H2 200 sync
ads.servenobid.com/ Frame 4334 0
300 B 90ms
89ms Image
image/avif 52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_7d91ccf3-113a-4ba6-9245-caf1d3d1c5db
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:59 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame C5AA
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=e90060a5-7942-4900-b282-6ef7eae0799b&gdpr=0&gdpr_consent=

35 B
237 B

74ms
68ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=e90060a5-7942-4900-b282-6ef7eae0799b&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=e90060a5-7942-4900-b282-6ef7eae0799b&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3736 915c305 master zrh-pixel-x28
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=e90060a5-7942-4900-b282-6ef7eae0799b&gdpr=0&gdpr_consent=
Expires: Wed, 19 May 2021 20:46:57 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 43CF
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1SQA4
https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQABKKz1SQA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1SQA4

35 B
237 B

63ms
63ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQABKKz1SQA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1SQA4
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YKV5SQABKKz1SQA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1SQA4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:47:05 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQABKKz1SQA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1SQA4
accept-ranges: bytes
date: Wed, 19 May 2021 20:47:05 GMT
via: 1.1 varnish
x-served-by: cache-hhn4021-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1621457226.943054,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3-29 200 pixel Show response
cm.g.doubleclick.net/ Frame FE06 170 B
188 B 56ms
55ms Document
image/png 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV83ZDkxY2NmMy0xMTNhLTRiYTYtOTI0NS1jYWYxZDNkMWM1ZGI=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV83ZDkxY2NmMy0xMTNhLTRiYTYtOTI0NS1jYWYxZDNkMWM1ZGI=&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmsu1Yn2tsJBHzl-hfl6Sd7kEKKZip3fep3_N0GFEDQQXI6xy9sUEL5_8yFMzw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

content-type: image/png
date: Wed, 19 May 2021 20:46:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 800F 8 KB
3 KB 104ms
98ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

last-modified: Wed, 21 Oct 2020 18:57:29 GMT
etag: "1300708-1f78-5b232eb4914bb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2654
content-type: text/html; charset=UTF-8
cache-control: max-age=77125
expires: Thu, 20 May 2021 18:12:24 GMT
date: Wed, 19 May 2021 20:46:59 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame E632 0
0 3900ms
135ms Document
text/plain 67.202.110.23
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-110.static.steadfastdns.net
Software: 33XP005 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP005
date: Wed, 19 May 2021 20:47:01 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 0C2D
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&t=1624049219

35 B
237 B

67ms
67ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&t=1624049219
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=ttd&i=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&t=1624049219
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Wed, 19 May 2021 20:46:59 GMT
content-type: text/html
content-length: 209
location: https://rtb.gumgum.com/usersync?b=ttd&i=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&t=1624049219
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; domain=.adsrvr.org; expires=Thu, 19-May-2022 20:46:59 GMT; path=/; secure; SameSite=None TDCPM=CAEYBSABKAIyCwjC3O-nv8TNORAFOAE.; domain=.adsrvr.org; expires=Thu, 19-May-2022 20:46:59 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame 5DD9 0
0 3579ms
63ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

content-type: text/html
date: Wed, 19 May 2021 20:47:01 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 40D7
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf4QAAAAA

35 B
237 B

68ms
67ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf4QAAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YKV5SMCo5ucAALpjf4QAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:47:04 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Wed, 19 May 2021 20:47:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf4QAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 2
X-SO-HostName: m-ad251.dc4p.scaleout.jp
X-SO-LB-Hostname: a-tgng40016.dc2p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":59,"gdpr":true,"ipv4":"0.0.0.0","key":"YKV5SMCo5ucAALpjf4QAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad251"}
X-SO-Key: YKV5SMCo5ucAALpjf4QAAAAA
X-SO-IP: 196.247.180.148
X-SO-Cluster-ID: 59
X-SO-Upstream-ID: m-ad251

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame C3AE
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069

35 B
237 B

67ms
67ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=1871597495218669069
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNrQwNzS1NDexNDUytDAzszQwsxTiM9T1NnG1yIusDPD1dA6U4jU0MzI0MTUHqrCwNAIAAml0YTQAAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 13 Jun 2022 20:46:58 GMT; Secure; SameSite=None eud=H4sIAAAAAAAAAFslxmtoZmRoYmpuZGhhaWF0ShyJb2FpBAAvvYdoIAAAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 13 Jun 2022 20:46:58 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzS1NDexNDUytDAzszQwsxTiM9T1NnG1yIusDPD1dA4EAKR9RnQlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame AEED
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1

35 B
237 B

288ms
288ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:47:00 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Wed, 19 May 2021 20:47:00 GMT Wed, 19 May 2021 20:47:00 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=7479704688393846363

35 B
237 B

66ms
66ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=7479704688393846363
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:01 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:47:01 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.90:80
AN-X-Request-Uuid: b4f295be-ceba-4e5b-a940-6bab90e5ba58
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=7479704688393846363
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_c9e7e765-a800-4084-b844-7a1ed5431f25&gdpr=0&gdpr_consent=&us_privacy=1---
https://p.rfihub.com/cm?in=1&pub=20513&ssp=gumgum2
https://x.bidswitch.net/sync?dsp_id=119&user_id=1871597495218669069&expires=30&ssp=gumgum2
https://rtb.gumgum.com/usersync?b=bsw&i=5cfeef4b-723b-40de-9192-57e1824db111

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=5cfeef4b-723b-40de-9192-57e1824db111
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: //rtb.gumgum.com/usersync?b=bsw&i=5cfeef4b-723b-40de-9192-57e1824db111
date: Wed, 19 May 2021 20:46:59 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET redirectObuid
sync.outbrain.com/ Frame C7C4 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=6ab331ba-8fa9-47eb-9308-871c43d40c46

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=6ab331ba-8fa9-47eb-9308-871c43d40c46
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Wed, 19 May 2021 20:46:59 GMT
content-encoding: gzip
server: OXGW/16.207.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=6ab331ba-8fa9-47eb-9308-871c43d40c46
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=sta&i=0-745968ca-4578-4928-75cb-b8d6e7f61141$ip$196.247.180.148

35 B
237 B

70ms
70ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sta&i=0-745968ca-4578-4928-75cb-b8d6e7f61141$ip$196.247.180.148
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:03 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=sta&i=0-745968ca-4578-4928-75cb-b8d6e7f61141$ip$196.247.180.148
Date: Wed, 19 May 2021 20:47:03 GMT
Connection: keep-alive
Content-Length: 124
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-1.N1Vq1E2pdUcMVCLZMqqalFyecpW1vophPL~A

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-1.N1Vq1E2pdUcMVCLZMqqalFyecpW1vophPL~A
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Wed, 19 May 2021 20:46:58 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-1.N1Vq1E2pdUcMVCLZMqqalFyecpW1vophPL~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%...
https://rtb.gumgum.com/usersync?b=vnt&i=5da60381-b8e3-11eb-b636-898e4fcc48fa

35 B
237 B

68ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=5da60381-b8e3-11eb-b636-898e4fcc48fa
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:03 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=5da60381-b8e3-11eb-b636-898e4fcc48fa
Date: Wed, 19 May 2021 20:47:02 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 5da60382-b8e3-11eb-b636-898e4fcc48fa

GET
H2 204 services
sync.technoratimedia.com/ Frame C7C4 0
290 B 5908ms
136ms Image
text/plain 193.122.130.38
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=1---&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 193.122.130.38 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:04 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 1857006
access-control-allow-origin: https://g2.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame C7C4 0
16 B 6519ms
152ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142?redir=http%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:05 GMT
content-length: 0
server: b

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_c9e7e765-a800-4084-b844-7a1ed5431f25&gdpr=0&gdpr_consent=&us_privacy=1---
https://stags.bluekai.com/site/23178?id=g_wl7PS2nxhgb5Prckjl&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2...
https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS64TUMIXGO5LNM52W2LTDN5WS65LTMVZHG6LOMM7WEPL2MVWSMZLYMNUGC3THMU6WO5LNM52W2JTHMRYHEPJQEZUT2Z27O5WDOUCTGJXHQ2DHMI2VA4TDNNVGYJTVONPXA...
https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=g_wl7PS2nxhgb5Prckjl&us_privacy=1---

35 B
237 B

63ms
62ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=g_wl7PS2nxhgb5Prckjl&us_privacy=1---
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:06 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:47:06 GMT
P3p: CP="We do not support P3P header."
Location: https://rtb.gumgum.com/usersync?b=zem&gdpr=0&i=g_wl7PS2nxhgb5Prckjl&us_privacy=1---
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 118
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=f9029040-fe85-4749-8983-3fe6c009a583

35 B
237 B

63ms
63ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=f9029040-fe85-4749-8983-3fe6c009a583
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:05 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=f9029040-fe85-4749-8983-3fe6c009a583
date: Wed, 19 May 2021 20:47:05 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=221165185
https://sync.1rx.io/usersync/tradedesk/3f521d63-e746-4606-ae3e-d8a522b908b6
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Drhy%26i%3DRX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=rhy&i=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
date: Wed, 19 May 2021 20:46:59 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXe5e66d42c860459784d299d59423e3d2003
content-type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame C7C4
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=MfgDaI1DlExb&ev=1&pid=558355

35 B
237 B

67ms
67ms

Image
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=MfgDaI1DlExb&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:01 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://rtb.gumgum.com/usersync?b=pln&i=MfgDaI1DlExb&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-686fd4fb4c-z9ljc
expires: -1

GET
H2 200 sync
ads.servenobid.com/ Frame C7C4 0
300 B 89ms
89ms Image
image/avif 52.210.177.43
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.177.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-210-177-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 19 May 2021 20:46:59 GMT
access-control-allow-credentials: true
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
content-length: 0
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 02AB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=697460a5-7942-4b00-812a-621aae1939bd&gdpr=0&gdpr_consent=

35 B
237 B

68ms
68ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=697460a5-7942-4b00-812a-621aae1939bd&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=697460a5-7942-4b00-812a-621aae1939bd&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3736 915c305 master zrh-pixel-x12
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://rtb.gumgum.com/usersync?b=mmh&i=697460a5-7942-4b00-812a-621aae1939bd&gdpr=0&gdpr_consent=
Expires: Wed, 19 May 2021 20:46:57 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 74DC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=YKV5SQAA9JVCaQBg
https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQAA9JVCaQBg&gdpr=0&gdpr_consent=&_test=YKV5SQAA9JVCaQBg

35 B
237 B

64ms
63ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQAA9JVCaQBg&gdpr=0&gdpr_consent=&_test=YKV5SQAA9JVCaQBg
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YKV5SQAA9JVCaQBg&gdpr=0&gdpr_consent=&_test=YKV5SQAA9JVCaQBg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:47:05 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YKV5SQAA9JVCaQBg&gdpr=0&gdpr_consent=&_test=YKV5SQAA9JVCaQBg
accept-ranges: bytes
date: Wed, 19 May 2021 20:47:05 GMT
via: 1.1 varnish
x-served-by: cache-hhn4021-HHN
x-cache: HIT
x-cache-hits: 0
x-timer: S1621457226.941469,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3-29 200 pixel Show response
cm.g.doubleclick.net/ Frame 98D4 170 B
188 B 65ms
58ms Document
image/png 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9jOWU3ZTc2NS1hODAwLTQwODQtYjg0NC03YTFlZDU0MzFmMjU=&gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV9jOWU3ZTc2NS1hODAwLTQwODQtYjg0NC03YTFlZDU0MzFmMjU=&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmsu1Yn2tsJBHzl-hfl6Sd7kEKKZip3fep3_N0GFEDQQXI6xy9sUEL5_8yFMzw
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

content-type: image/png
date: Wed, 19 May 2021 20:46:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3698 8 KB
3 KB 87ms
80ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

last-modified: Wed, 21 Oct 2020 18:57:29 GMT
etag: "1300708-1f78-5b232eb4914bb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 2654
content-type: text/html; charset=UTF-8
cache-control: max-age=77125
expires: Thu, 20 May 2021 18:12:24 GMT
date: Wed, 19 May 2021 20:46:59 GMT
vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 2C1F 0
0 3885ms
135ms Document
text/plain 67.202.110.23
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip23.67-202-110.static.steadfastdns.net
Software: 33XP002 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP002
date: Wed, 19 May 2021 20:47:02 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame A6B6
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=ttd&i=290056e6-8a63-4737-af34-8e685a15573e&t=1624049219

35 B
237 B

68ms
68ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=290056e6-8a63-4737-af34-8e685a15573e&t=1624049219
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=ttd&i=290056e6-8a63-4737-af34-8e685a15573e&t=1624049219
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Wed, 19 May 2021 20:46:59 GMT
content-type: text/html
content-length: 209
location: https://rtb.gumgum.com/usersync?b=ttd&i=290056e6-8a63-4737-af34-8e685a15573e&t=1624049219
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=290056e6-8a63-4737-af34-8e685a15573e; domain=.adsrvr.org; expires=Thu, 19-May-2022 20:46:59 GMT; path=/; secure; SameSite=None TDCPM=CAEYBSABKAIyCwiA9PCov8TNORAFOAE.; domain=.adsrvr.org; expires=Thu, 19-May-2022 20:46:59 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 um
cs.emxdgt.com/ Frame 2B3B 0
0 3564ms
63ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

content-type: text/html
date: Wed, 19 May 2021 20:47:01 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7226
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf8YAAAAA

35 B
237 B

63ms
63ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf8YAAAAA
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YKV5SMCo5ucAALpjf8YAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:47:04 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Wed, 19 May 2021 20:47:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YKV5SMCo5ucAALpjf8YAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 2
X-SO-HostName: m-ad322.dc4p.scaleout.jp
X-SO-LB-Hostname: a-tgng40016.dc2p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":2,"gdpr":true,"ipv4":"0.0.0.0","key":"YKV5SMCo5ucAALpjf8YAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad322"}
X-SO-Key: YKV5SMCo5ucAALpjf8YAAAAA
X-SO-IP: 196.247.180.148
X-SO-Cluster-ID: 2
X-SO-Upstream-ID: m-ad322

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame D73F
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069

35 B
237 B

66ms
66ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=1871597495218669069
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Wed, 19 May 2021 20:46:58 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNrQwNzS1NDexNDUytDAzszQwsxTiM9T1NnG1yIusDPD1dA6U4jU0MzI0MTUHqrCwNAIAAml0YTQAAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 13 Jun 2022 20:46:58 GMT; Secure; SameSite=None eud=H4sIAAAAAAAAAFslxmtoZmRoYmpuZGhhaWF2ShyJb2FpBADgmo8bIAAAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 13 Jun 2022 20:46:58 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzS1NDexNDUytDAzszQwsxTiM9T1NnG1yIusDPD1dA4EAKR9RnQlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=1871597495218669069
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame D49C
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1

35 B
237 B

288ms
287ms

Document
image/gif

52.48.175.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.175.241 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://g2.gumgum.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: vst=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://g2.gumgum.com/

Response headers

date: Wed, 19 May 2021 20:47:00 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Wed, 19 May 2021 20:47:00 GMT Wed, 19 May 2021 20:47:00 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=c4ShmCHtDgqfzWSi1oMp&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 9892 35 B
478 B 2302ms
44ms Document
image/gif 37.157.4.39
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.39 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?party=14&cid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: C=1; uid=5042875902258604398
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:01 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=5042875902258604398; expires=Sun, 18 Jul 2021 20:47:01 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 pubmatic Show response
d5p.de17a.com/getuid/ Frame C898 35 B
134 B 421ms
64ms Document
image/gif 213.155.156.184
TELIANET Telia Ca...

General

Check archive.org

Show headers Download Go to

Full URL: https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 213.155.156.184 , Sweden, ASN1299 (TELIANET Telia Carrier, SE),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

:method: GET
:authority: d5p.de17a.com
:scheme: https
:path: /getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

content-length: 35
content-type: image/gif
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 2FCD 43 B
304 B 7526ms
77ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Wed, 19 May 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1379
date: Wed, 19 May 2021 20:47:05 GMT
content-length: 43

GET

adx
match.prod.bidr.io/cookie-sync/ Frame B370
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEd25VN0JTdk1BQUN5VUNETExVZw&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

0
0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2245
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6964105731786274960

42 B
520 B

172ms
57ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6964105731786274960
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6964105731786274960
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; chkChromeAb67Sec=1; DPSync3=1621468800%3A174%7C1622592000%3A197_219_201; SyncRTB3=1621987200%3A223_15_2%7C1622246400%3A63%7C1623974400%3A203%7C1622592000%3A81_71_7_3_13_161_54_8_165_220_21_22_56_166%7C1622678400%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:01 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_1101=23040-6964105731786274960; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 20:47:01 GMT; path=/ PugT=1621457221; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 20:47:01 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:01 GMT; path=/
x-lat: lhrpug007:0:481
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Wed, 19 May 2021 20:47:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6964105731786274960; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6964105731786274960

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 13ED 43 B
408 B 2405ms
50ms Document
image/gif 72.251.241.196
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.196 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Date: Wed, 19 May 2021 20:47:01 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-5
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame A463
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=r7Dv-n4nQXmNjwLxThYHtA%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

50ms
50ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
content-encoding: gzip
last-modified: Wed, 21 Oct 2020 18:57:29 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-1f78-5b232eb4914bb"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=77125
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 2654
expires: Thu, 20 May 2021 18:12:24 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=186260a5-7942-4d00-bbcb-2a0ec7d5f926

0
128 B

2103ms
87ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=186260a5-7942-4d00-bbcb-2a0ec7d5f926
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:14:51 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 19 May 2021 20:46:59 GMT
Server: MT3 3736 915c305 master zrh-pixel-x11
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=186260a5-7942-4d00-bbcb-2a0ec7d5f926
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 20:46:58 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame A463
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=a7d8e4f0-f248-4b00-b186-73db41d41199&icm
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=d39e47efb47dcb6c803e331bcba37752
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=bfe74f50-db78-46e7-9f68-b8c91cb53622&icm
https://spl.zeotap.com/?zdid=1332&zcluid=a0e9074257181905
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=d18604a1-70c8-411a-7a3f-2ca8dfc1072b&reqId=468a8e00-4738-4c1f-595b-a831438f292c&zclui...
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=d18604a1-70c8-411a-7a3f-2ca8dfc1072b&reqId=468a8e00-4738-4c1f-595b-a831438f292c&zclu...
https://mwzeom.zeotap.com/mw?google_gid=CAESEHjtYLW4j7-mZ06eXrCsUaE&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=d18604a1-70c8-411a-7a3f-2ca8dfc1072b&reqId=468a8e00-4738-4c1f-595b-a83...

95 B
200 B

24ms
24ms

Image
image/png

2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEHjtYLW4j7-mZ06eXrCsUaE&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=d18604a1-70c8-411a-7a3f-2ca8dfc1072b&reqId=468a8e00-4738-4c1f-595b-a831438f292c&zcluid=a0e9074257181905&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:06 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 65202dae99bec2b3-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a27fae11e0000c2b3b7b51000000001

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:05 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEHjtYLW4j7-mZ06eXrCsUaE&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=d18604a1-70c8-411a-7a3f-2ca8dfc1072b&reqId=468a8e00-4738-4c1f-595b-a831438f292c&zcluid=a0e9074257181905&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUZCMEVGRkEtN0UyNy00MTc5LThEOEYtMDJGMTRFMTYwN0I0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
341 B

2068ms
446ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
cache-control: no-store, no-cache, private
x-lat: amspug017:0:315
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFkV8FF4WQBOUjHEEerU6eA&google_cver=1

42 B
283 B

2069ms
447ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFkV8FF4WQBOUjHEEerU6eA&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:00 GMT
cache-control: no-store, no-cache, private
x-lat: amspug020:0:527
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFkV8FF4WQBOUjHEEerU6eA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame A463 43 B
609 B 2016ms
77ms Image
image/gif 159.253.128.183
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

b7.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Tue, 18 May 2021 20:47:01 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&gdpr=0&gdpr_consent=

42 B
340 B

2035ms
59ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug008:0:394
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 19 May 2021 20:46:59 GMT
Server: MT3 3736 915c305 master zrh-pixel-x15
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 19 May 2021 20:46:58 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5042875902258604398

42 B
233 B

53ms
53ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5042875902258604398
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug019:0:527
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:01 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5042875902258604398
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad

42 B
295 B

1985ms
59ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug010:0:1983
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3cc35c46-0dbc-45b0-b25b-f75c55ff54ad
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7479704688393846363&gdpr=0&gdpr_consent=

42 B
289 B

2079ms
446ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7479704688393846363&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
cache-control: no-store, no-cache, private
x-lat: amspug015:0:406
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:59 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.53:80
AN-X-Request-Uuid: 262e763d-4f01-4a32-a85e-691dcfd60b6f
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=7479704688393846363&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 AFB0EFFA-7E27-4179-8D8F-02F14E1607B4
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame A463 43 B
203 B 40ms
32ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/AFB0EFFA-7E27-4179-8D8F-02F14E1607B4?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:46:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-QXl1bE9E2uW0HDwQtiKwIYwm2hI2Ehw-~A&gdpr=0&gdpr_consent=

0
260 B

839ms
86ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-QXl1bE9E2uW0HDwQtiKwIYwm2hI2Ehw-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 19:14:13 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Wed, 19 May 2021 20:47:00 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-QXl1bE9E2uW0HDwQtiKwIYwm2hI2Ehw-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy

42 B
427 B

2099ms
446ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:00 GMT
cache-control: no-store, no-cache, private
x-lat: amspug019:0:428
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://event.clientgear.com/cookie/bidswitch?partner=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=5cfeef4b-723b-40de-9192-57e1824db111
https://x.bidswitch.net/sync?dsp_id=257&user_id=mk9cb99690-daf4-4436-b044-9d444755662c&expires=7&user_group=5&ssp=pubmatic&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111
https://x.bidswitch.net/ul_cb/sync?dsp_id=257&user_id=mk9cb99690-daf4-4436-b044-9d444755662c&expires=7&user_group=5&ssp=pubmatic&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2934fa37-3195-40b9-8d8e-e9aa38f5e743&gdpr=&gdpr_consent=&gdpr_pd=

1 B
186 B

53ms
52ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2934fa37-3195-40b9-8d8e-e9aa38f5e743&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:06 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug008:0:342
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=2934fa37-3195-40b9-8d8e-e9aa38f5e743&gdpr=&gdpr_consent=&gdpr_pd=
date: Wed, 19 May 2021 20:47:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4256221538649928137&gdpr=0&gdpr_consent=&us_privacy=

1 B
187 B

2042ms
58ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4256221538649928137&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug009:0:434
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4256221538649928137&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Wed, 19 May 2021 20:46:59 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YKV5SQABKKz1YAA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1YAA4

1 B
393 B

52ms
51ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YKV5SQABKKz1YAA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1YAA4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:06 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug004:0:406
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:05 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1621457226.949560,VS0,VE0
x-served-by: cache-hhn4021-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YKV5SQABKKz1YAA4&gdpr=0&gdpr_consent=&_test=YKV5SQABKKz1YAA4
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A463
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:1c9e9bd9-55f0-4a14-996c-d1a4b539dad6&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
110 B

53ms
52ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:1c9e9bd9-55f0-4a14-996c-d1a4b539dad6&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug012:0:315
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:1c9e9bd9-55f0-4a14-996c-d1a4b539dad6&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Wed, 19 May 2021 20:47:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame A463 0
104 B 100ms
65ms Image
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:01 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 522C 38 KB
14 KB 49ms
47ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES; KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; chkChromeAb67Sec=1; DPSync3=1621468800%3A174%7C1622592000%3A197_219_201; SyncRTB3=1621987200%3A223_15_2%7C1622246400%3A63%7C1623974400%3A203%7C1622592000%3A81_71_7_3_13_161_54_8_165_220_21_22_56_166%7C1622678400%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52291
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:46:59 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame F625 38 KB
14 KB 49ms
49ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KCCH=YES; KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; chkChromeAb67Sec=1; DPSync3=1621468800%3A174%7C1622592000%3A197_219_201; SyncRTB3=1621987200%3A223_15_2%7C1622246400%3A63%7C1623974400%3A203%7C1622592000%3A81_71_7_3_13_161_54_8_165_220_21_22_56_166%7C1622678400%3A35
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52291
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:46:59 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E17F 0
753 B 143ms
54ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:59 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.55:80
AN-X-Request-Uuid: bcdb7bc6-e6fc-4ca5-b887-583e5df40088
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E329 0
753 B 139ms
47ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:59 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.45:80
AN-X-Request-Uuid: 4b641e8a-45b6-4a8b-8cda-082dc67f0c55
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2542 0
753 B 82ms
50ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:59 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.223.48:80
AN-X-Request-Uuid: 05dd4866-7d5d-4171-b113-912171ae7549
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 665A 0
753 B 81ms
53ms Script
text/html 185.33.221.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.53 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

718.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:46:59 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.68:80
AN-X-Request-Uuid: 38e44324-d2d6-4c84-9017-d3a0b6cf88c7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame A463 0
375 B 179ms
71ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=159448&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cnection: close
date: Wed, 19 May 2021 20:47:00 GMT
content-encoding: gzip
server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-cache
content-type: text/plain; charset=utf-8

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 72C9 38 KB
14 KB 49ms
49ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; chkChromeAb67Sec=1; DPSync3=1621468800%3A174%7C1622592000%3A197_219_201; SyncRTB3=1621987200%3A223_15_2%7C1622246400%3A63%7C1623974400%3A203%7C1622592000%3A81_71_7_3_13_161_54_8_165_220_21_22_56_166%7C1622678400%3A35; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; PugT=1621457221; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

server: Apache/2.2.15 (CentOS)
last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52289
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:47:01 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 1CAB 38 KB
14 KB 49ms
49ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; chkChromeAb67Sec=1; DPSync3=1621468800%3A174%7C1622592000%3A197_219_201; SyncRTB3=1621987200%3A223_15_2%7C1622246400%3A63%7C1623974400%3A203%7C1622592000%3A81_71_7_3_13_161_54_8_165_220_21_22_56_166%7C1622678400%3A35; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; PugT=1621457221; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52289
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:47:01 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 5714 38 KB
14 KB 46ms
46ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; chkChromeAb67Sec=1; DPSync3=1621468800%3A174%7C1622592000%3A197_219_201; SyncRTB3=1621987200%3A223_15_2%7C1622246400%3A63%7C1623974400%3A203%7C1622592000%3A81_71_7_3_13_161_54_8_165_220_21_22_56_166%7C1622678400%3A35; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; PugT=1621457221; repi=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52289
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:47:01 GMT
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 72C9 4 KB
4 KB 51ms
51ms Script
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=52391356&p=159448&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: abe73d737072ffb8bb3b4e80fb6cbb254819601a29cbbd12f20a28b5c4bbf84b

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:01 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7C01
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0

0
88 B

52ms
51ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; chkChromeAb67Sec=2; DPSync3=1621468800%3A174%7C1622592000%3A219_201_221_226_227_232_197; SyncRTB3=1621987200%3A15_2_67_223%7C1626566400%3A69%7C1623974400%3A203%7C1622678400%3A35%7C1622246400%3A63%7C1622592000%3A161_220_55_204_233_57_3_99_222_71_8_88_231_7_78_13_176_104_189_21_22_234_81_54_165_5_56_166_230; KRTBCOOKIE_1074=22956-e_c9e7e765-a800-4084-b844-7a1ed5431f25; PugT=1621457222; KRTBCOOKIE_594=17105-RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003&KRTB&17107-RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:02 GMT
content-type: text/html; charset=utf-8
x-lat: lhrpug008:2:212
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

set-cookie: viewer_token=b2059fa1-3c81-4e28-ade3-1c5ce113fda0; path=/; domain=csync.loopme.me; Expires=Sat, 19-Jun-2021 20:47:02 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie=$UID&gdpr=0
content-length: 0
date: Wed, 19 May 2021 20:47:02 GMT
server: _

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A784
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003&rndcb=1120848124
https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=adconductor&bds_param=5cfeef4b-723b-40de-9192-57e1824db111
https://x.bidswitch.net/sync?dsp_id=340&user_id=a6e74313-f8b2-4a98-a58f-66cb0f63237c&expires=10&ssp=adconductor&bsw_param=5cfeef4b-723b-40de-9192-57e1824db111
https://sync.1rx.io/usersync/bidswitch/5cfeef4b-723b-40de-9192-57e1824db111?gdpr=&gdpr_consent=
https://sync.targeting.unrulymedia.com/csync/RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003

42 B
271 B

52ms
52ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; chkChromeAb67Sec=2; DPSync3=1621468800%3A174%7C1622592000%3A219_201_221_226_227_232_197; SyncRTB3=1621987200%3A15_2_67_223%7C1626566400%3A69%7C1623974400%3A203%7C1622678400%3A35%7C1622246400%3A63%7C1622592000%3A161_220_55_204_233_57_3_99_222_71_8_88_231_7_78_13_176_104_189_21_22_234_81_54_165_5_56_166_230; KRTBCOOKIE_1074=22956-e_c9e7e765-a800-4084-b844-7a1ed5431f25; PugT=1621457222
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:02 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_594=17105-RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003&KRTB&17107-RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:02 GMT; path=/ PugT=1621457222; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 20:47:02 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:02 GMT; path=/
x-lat: lhrpug015:0:454
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Wed, 19 May 2021 20:47:02 GMT
content-type: text/html
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003%22%7D; path=/; expires=Thu, 19 May 2022 20:47:02 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
etag: RXe5e66d42c860459784d299d59423e3d2003

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 7AE0
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=jsUeDaGrYMxo4NbiOwbNW1Zf

42 B
371 B

47ms
47ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=jsUeDaGrYMxo4NbiOwbNW1Zf
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=jsUeDaGrYMxo4NbiOwbNW1Zf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; chkChromeAb67Sec=2; DPSync3=1621468800%3A174%7C1622592000%3A219_201_221_226_227_232_197; SyncRTB3=1621987200%3A15_2_67_223%7C1626566400%3A69%7C1623974400%3A203%7C1622678400%3A35%7C1622246400%3A63%7C1622592000%3A161_220_55_204_233_57_3_99_222_71_8_88_231_7_78_13_176_104_189_21_22_234_81_54_165_5_56_166_230; KRTBCOOKIE_1074=22956-e_c9e7e765-a800-4084-b844-7a1ed5431f25; KRTBCOOKIE_594=17105-RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003&KRTB&17107-RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003; KRTBCOOKIE_860=16335-RpmcI-JQTUx7Oc-dALF1U8T3tJQ; PugT=1621457223
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:01 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_409=22966-jsUeDaGrYMxo4NbiOwbNW1Zf; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 20:47:01 GMT; path=/ PugT=1621457221; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 20:47:01 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:01 GMT; path=/
x-lat: amspug014:0:391
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Wed, 19 May 2021 20:47:03 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=jsUeDaGrYMxo4NbiOwbNW1Zf; Max-Age=63072000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=jsUeDaGrYMxo4NbiOwbNW1Zf
strict-transport-security: max-age=0; includeSubDomains;

GET
H2 200 dpe Show response
ad4m.at/ad/ Frame 8463 42 B
992 B 40ms
24ms Document
image/gif 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 19 May 2021 20:47:02 GMT
content-type: image/gif
content-length: 42
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7d3s
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-request-id: 0a27fad18f0000d72d359e5000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65202d95beacd72d-FRA

GET
H2

200

i.match Show response
s.tribalfusion.com/z/ Frame D9B6
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...

43 B
443 B

182ms
181ms

Document
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: s.tribalfusion.com
:scheme: https
:path: /z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: ANON_ID=aMnoeUR3YWy7UXuTubAJp8P9beNTFanqK1YDAS3H
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 19 May 2021 20:47:02 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=arnseFNZaiMiAmemFmDwuNYFprMogQrGXk4wTfF9SZccAWv30GU6JUCuuIDc6ZbeVm7Zc9m9ZaZa1ZbmgX6nTKicHaM; path=/; domain=.tribalfusion.com; expires=Tue, 17-Aug-2021 20:47:02 GMT; SameSite=None; Secure; ANON_ID_old=arnseFNZaiMiAmemFmDwuNYFprMogQrGXk4wTfF9SZccAWv30GU6JUCuuIDc6ZbeVm7Zc9m9ZaZa1ZbmgX6nTKicHaM; path=/; domain=.tribalfusion.com; expires=Tue, 17-Aug-2021 20:47:02 GMT;
cf-cache-status: DYNAMIC
cf-request-id: 0a27fad23c00002c26ae026000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65202d96cb902c26-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date: Wed, 19 May 2021 20:47:02 GMT
content-type: text/html
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 206
x-reuse-index: 27
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aMnoeUR3YWy7UXuTubAJp8P9beNTFanqK1YDAS3H; path=/; domain=.tribalfusion.com; expires=Tue, 17-Aug-2021 20:47:02 GMT; SameSite=None; Secure; ANON_ID_old=aMnoeUR3YWy7UXuTubAJp8P9beNTFanqK1YDAS3H; path=/; domain=.tribalfusion.com; expires=Tue, 17-Aug-2021 20:47:02 GMT;
location: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
cf-cache-status: DYNAMIC
cf-request-id: 0a27fad18f00002c26ceb56000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 65202d95b93d2c26-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 1297
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=557219&ev=1&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&piggybackCookie=%%VGUID%%
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=4bexkuCpOMgH&pid=557219

1 B
68 B

54ms
53ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=4bexkuCpOMgH&pid=557219
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=4bexkuCpOMgH&pid=557219
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; chkChromeAb67Sec=2; DPSync3=1621468800%3A174%7C1622592000%3A219_201_221_226_227_232_197; SyncRTB3=1621987200%3A15_2_67_223%7C1626566400%3A69%7C1623974400%3A203%7C1622678400%3A35%7C1622246400%3A63%7C1622592000%3A161_220_55_204_233_57_3_99_222_71_8_88_231_7_78_13_176_104_189_21_22_234_81_54_165_5_56_166_230; KRTBCOOKIE_1074=22956-e_c9e7e765-a800-4084-b844-7a1ed5431f25; PugT=1621457222
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:02 GMT
content-type: text/html; charset=utf-8
content-length: 1
set-cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:02 GMT; path=/
x-lat: lhrpug016:0:423
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-686fd4fb4c-g94hc
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: en-US
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzMxOSZ0bD0xMjk2MDA=&ev=1&ev=1&piggybackCookie=4bexkuCpOMgH&pid=557219
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000

GET
H2 200 141 Show response
match.deepintent.com/usersync/ Frame FFAD 0
44 B 3446ms
152ms Document
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw%26piggybackCookie%3D%24%7BDI_USER_ID%7D&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.deepintent.com
:scheme: https
:path: /usersync/141?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MzAmdGw9MTI5NjAw%26piggybackCookie%3D%24%7BDI_USER_ID%7D&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

content-length: 0
date: Wed, 19 May 2021 20:47:05 GMT
server: b

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 81FF
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6523c3e0-c2c4-4d45-9448-106b40bf60f6-tuct79efec9&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
53 B

52ms
50ms

Document
text/plain

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6523c3e0-c2c4-4d45-9448-106b40bf60f6-tuct79efec9&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6523c3e0-c2c4-4d45-9448-106b40bf60f6-tuct79efec9&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: t_gid=6523c3e0-c2c4-4d45-9448-106b40bf60f6-tuct79efec9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Wed, 19 May 2021 20:47:05 GMT
via: 1.1 varnish
x-served-by: cache-hhn11548-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1621457225.230478,VS0,VE8
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=6523c3e0-c2c4-4d45-9448-106b40bf60f6-tuct79efec9;Version=1;Path=/;Domain=.taboola.com;Expires=Thu, 19-May-2022 20:47:05 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=6523c3e0-c2c4-4d45-9448-106b40bf60f6-tuct79efec9&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Wed, 19 May 2021 20:47:05 GMT
via: 1.1 varnish
x-served-by: cache-hhn11548-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1621457225.131117,VS0,VE55
x-vcl-time-ms: 55
content-length: 0

GET
H2

200

check Show response
pixel.tapad.com/idsync/ex/receive/ Frame 9BBA
Redirect Chain

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxODQmdGw9MTU3NjgwMA==&r=https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB&partner_device_id=${PUBMATIC_UID}
https://pixel.tapad.com/idsync/ex/receive?partner_id=PUBMATIC_RTB
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

95 B
165 B

61ms
61ms

Document
image/png

35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(9.4.36.v20210114) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: pixel.tapad.com
:scheme: https
:path: /idsync/ex/receive/check?partner_id=PUBMATIC_RTB
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: TapAd_TS=1621457223174; TapAd_DID=8850c627-9e35-4639-b37f-6e2dd9441c9d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

date: Wed, 19 May 2021 20:47:03 GMT
strict-transport-security: max-age=31536000
content-type: image/png
content-length: 95
server: Jetty(9.4.36.v20210114)
via: 1.1 google
alt-svc: clear

Redirect headers

date: Wed, 19 May 2021 20:47:03 GMT
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
set-cookie: TapAd_TS=1621457223174;Expires=Sun, 18 Jul 2021 20:47:03 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None TapAd_DID=8850c627-9e35-4639-b37f-6e2dd9441c9d;Expires=Sun, 18 Jul 2021 20:47:03 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=PUBMATIC_RTB
content-length: 0
server: Jetty(9.4.36.v20210114)
via: 1.1 google
alt-svc: clear

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 62BD
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:2ielJict1LJt5T5&gdpr=0&gdpr_consent=

42 B
366 B

52ms
52ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:2ielJict1LJt5T5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:2ielJict1LJt5T5&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:05 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_107=1471-uid:2ielJict1LJt5T5; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:05 GMT; path=/ PugT=1621457225; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 20:47:05 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:05 GMT; path=/
x-lat: lhrpug007:0:419
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Cache-Control: no-cache, must-revalidate
Date: Wed, 19 May 2021 20:47:04 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:2ielJict1LJt5T5&gdpr=0&gdpr_consent=
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Pragma: no-cache
Server: PingMatch/v2.0.30-649-g03fe1b8#rel-ec2-master i-06dc1c09a183d011e@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Set-Cookie: wfivefivec=2ielJict1LJt5T5; Domain=.w55c.net; Expires=Sun, 19-Jun-2022 20:47:05 GMT; Path=/; SameSite=None; Secure matchpubmatic=5; Domain=.w55c.net; Expires=Fri, 18-Jun-2021 20:47:05 GMT; Path=/; SameSite=None; Secure
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 23A2
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=RpmcI-JQTUx7Oc-dALF1U8T3tJQ

42 B
375 B

54ms
54ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=RpmcI-JQTUx7Oc-dALF1U8T3tJQ
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=RpmcI-JQTUx7Oc-dALF1U8T3tJQ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; chkChromeAb67Sec=2; DPSync3=1621468800%3A174%7C1622592000%3A219_201_221_226_227_232_197; SyncRTB3=1621987200%3A15_2_67_223%7C1626566400%3A69%7C1623974400%3A203%7C1622678400%3A35%7C1622246400%3A63%7C1622592000%3A161_220_55_204_233_57_3_99_222_71_8_88_231_7_78_13_176_104_189_21_22_234_81_54_165_5_56_166_230; KRTBCOOKIE_1074=22956-e_c9e7e765-a800-4084-b844-7a1ed5431f25; PugT=1621457222; KRTBCOOKIE_594=17105-RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003&KRTB&17107-RX-e5e66d42-c860-4597-84d2-99d59423e3d2-003
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:03 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_860=16335-RpmcI-JQTUx7Oc-dALF1U8T3tJQ; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:03 GMT; path=/ PugT=1621457223; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 18-Jun-2021 20:47:03 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:03 GMT; path=/
x-lat: lhrpug005:0:1128
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Wed, 19 May 2021 20:47:02 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=RpmcI-JQTUx7Oc-dALF1U8T3tJQ
Set-Cookie: sa-user-id=s%3A0-46999c23-e250-4d4c-7b39-cf9d00b17553.rGliHNCQbuBF2FLHVgUFN2yEvjF15KC18%2BJzVMe1jDY; Max-Age=31536000; Secure; SameSite=None sa-user-id-v2=s%3A0-46999c23-e250-4d4c-7b39-cf9d00b17553%24ip%24196.247.180.148.jSHCOZawPEGPSfHa2ixayIMRVDKntEWP8CNF04TJ45w; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None
Content-Length: 159
Connection: keep-alive

GET
H/1.1 200
OK usersync Show response
match.bnmla.com/ Frame E688 0
114 B 3426ms
133ms Document
text/plain 38.27.122.158
COGENT-174

General

Check archive.org

Show headers Download Go to

Full URL: https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.27.122.158 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Host: match.bnmla.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Server: nginx
Date: Wed, 19 May 2021 20:47:05 GMT
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7AD3
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:06CFA6EF7A634447A11B6139D95D7CA6

1 B
144 B

52ms
52ms

Document
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:06CFA6EF7A634447A11B6139D95D7CA6
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:06CFA6EF7A634447A11B6139D95D7CA6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; PugT=1621457221; chkChromeAb67Sec=2; DPSync3=1621468800%3A174%7C1622592000%3A219_201_221_226_227_232_197; SyncRTB3=1621987200%3A15_2_67_223%7C1626566400%3A69%7C1623974400%3A203%7C1622678400%3A35%7C1622246400%3A63%7C1622592000%3A161_220_55_204_233_57_3_99_222_71_8_88_231_7_78_13_176_104_189_21_22_234_81_54_165_5_56_166_230
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Wed, 19 May 2021 20:47:02 GMT
content-type: text/html; charset=utf-8
content-length: 1
set-cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 17-Aug-2021 20:47:02 GMT; path=/
x-lat: lhrpug009:0:410
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: nginx
date: Wed, 19 May 2021 20:47:02 GMT
content-type: text/html
content-length: 154
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:06CFA6EF7A634447A11B6139D95D7CA6
expires: Tue, 18 May 2021 20:47:02 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

Artemis
aud.pubmatic.com/AdServer/ Frame 72C9
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&addseg=21

7 B
87 B

157ms
52ms

Image
text/plain

185.64.190.106
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&addseg=21
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.190.106 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:05 GMT
content-length: 7
content-type: text/plain; charset=utf-8

Redirect headers

date: Wed, 19 May 2021 20:47:05 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&addseg=21
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 135

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 72C9
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

51ms
50ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Hjørring, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:03 GMT
frontend-id: 4
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:04 GMT
frontend-id: 13
location: /pubmatic/1/info2?sType=sync&sExtCookieId=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 72C9 95 B
490 B 51ms
32ms Image
image/png 2606:4700:10::ac43:db6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:db6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:02 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 65202d95bd0bc2b3-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 0a27fad1960000c2b3e0054000000001

GET
H2

204

/
loadm.exelator.com/load/ Frame 72C9
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=71&buid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=0&gdpr_consent=&j=0
https://loadm.exelator.com/load/?p=204&g=71&buid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=0&gdpr_consent=&j=0&xl8blockcheck=1

0
2 KB

52ms
51ms

Image
text/plain

18.198.126.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=71&buid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=0&gdpr_consent=&j=0&xl8blockcheck=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:05 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Wed, 19 May 2021 20:47:05 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadm.exelator.com/load/?p=204&g=71&buid=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4&gdpr=0&gdpr_consent=&j=0&xl8blockcheck=1
cache-control: no-cache
access-control-allow-credentials: true
content-type: image/gif
content-length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 72C9
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=

42 B
359 B

56ms
56ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:03 GMT
cache-control: no-store, no-cache, private
x-lat: amspug014:0:365
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 20:47:05 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 72C9
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA%3D%26piggybackCookie%3D%24UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3025894784023171278

42 B
110 B

52ms
51ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3025894784023171278
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:05 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug011:0:360
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 20:47:05 GMT
X-Proxy-Origin: 196.247.180.148; 196.247.180.148; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.72:80
AN-X-Request-Uuid: d3b57775-4ffa-4fcb-8e12-3bc4575151ef
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=3025894784023171278
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 72C9
Redirect Chain

https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_c9e7e765-a800-4084-b844-7a1ed5431f25

42 B
304 B

52ms
51ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_c9e7e765-a800-4084-b844-7a1ed5431f25
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:02 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug017:0:443
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw&piggybackCookie=e_c9e7e765-a800-4084-b844-7a1ed5431f25
date: Wed, 19 May 2021 20:47:02 GMT
p3p: CP="This is not a P3P policy"
server: nginx
timing-allow-origin: *
content-length: 0
content-language: en-US

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 72C9
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=5db93de4-b8e3-11eb-ba32-a5ffe5b97bb0&gdpr=0&gdpr_consent=

1 B
217 B

55ms
54ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=5db93de4-b8e3-11eb-ba32-a5ffe5b97bb0&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:03 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug016:0:629
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=5db93de4-b8e3-11eb-ba32-a5ffe5b97bb0&gdpr=0&gdpr_consent=
Date: Wed, 19 May 2021 20:47:02 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 5db93de5-b8e3-11eb-ba32-a5ffe5b97bb0

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 522C 38 KB
14 KB 82ms
81ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; PugT=1621457221; repi=1; chkChromeAb67Sec=2; DPSync3=1621468800%3A174%7C1622592000%3A219_201_221_226_227_232_197; SyncRTB3=1621987200%3A15_2_67_223%7C1626566400%3A69%7C1623974400%3A203%7C1622678400%3A35%7C1622246400%3A63%7C1622592000%3A161_220_55_204_233_57_3_99_222_71_8_88_231_7_78_13_176_104_189_21_22_234_81_54_165_5_56_166_230
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52288
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:47:02 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame F625 38 KB
14 KB 81ms
80ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: KADUSERCOOKIE=AFB0EFFA-7E27-4179-8D8F-02F14E1607B4; KRTBCOOKIE_1101=23040-6964105731786274960; PUBMDCID=3; KRTBCOOKIE_22=14911-4256221538649928137; KRTBCOOKIE_27=16735-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&16736-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23019-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926&KRTB&23114-uid:186260a5-7942-4d00-bbcb-2a0ec7d5f926; KRTBCOOKIE_377=6810-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&22918-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad&KRTB&23031-3cc35c46-0dbc-45b0-b25b-f75c55ff54ad; KRTBCOOKIE_57=22776-7479704688393846363; KRTBCOOKIE_153=19420-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy&KRTB&22979-ephzIXuRJidhmSAnLs4_JXTNJiZhmyUmeZmqGzPy; KRTBCOOKIE_80=22987-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&16514-CAESEFkV8FF4WQBOUjHEEerU6eA&KRTB&23025-CAESEFkV8FF4WQBOUjHEEerU6eA; SPugT=1621457220; KRTBCOOKIE_391=22924-5042875902258604398&KRTB&23263-5042875902258604398; PugT=1621457221; repi=1; chkChromeAb67Sec=2; DPSync3=1621468800%3A174%7C1622592000%3A219_201_221_226_227_232_197; SyncRTB3=1621987200%3A15_2_67_223%7C1626566400%3A69%7C1623974400%3A203%7C1622678400%3A35%7C1622246400%3A63%7C1622592000%3A161_220_55_204_233_57_3_99_222_71_8_88_231_7_78_13_176_104_189_21_22_234_81_54_165_5_56_166_230
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

last-modified: Tue, 11 May 2021 05:24:02 GMT
etag: "13006b6-96ca-5c2071a26cca4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13964
content-type: text/html; charset=UTF-8
cache-control: public, max-age=52288
expires: Thu, 20 May 2021 11:18:30 GMT
date: Wed, 19 May 2021 20:47:02 GMT
vary: Accept-Encoding

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 522C 0
39 B 52ms
52ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=98545232&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:02 GMT
content-length: 0

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 72C9 0
154 B 54ms
54ms Script
text/plain 185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=159448&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 20:47:03 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET dc_oe=ChMI-4iE687W8AIV0AfgCh3IMwdfEAAYACCI_6A_;met=1;&timestamp=1621457226632;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 5AD7 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.irctc.co.in
URL: https://www.irctc.co.in/eticketing/StationLinguisticNames?hl=en_hi

Domain: sync.outbrain.com
URL: https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D

Domain: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1

Domain: ade.googlesyndication.com
URL: https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI-4iE687W8AIV0AfgCh3IMwdfEAAYACCI_6A_;met=1;&timestamp=1621457226632;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Verdicts & Comments Add Verdict or Comment

233 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 03:45:53	Name: IDE Value: AHWqTUnnBzhAMF1yJcK7lcPUCKk5m-l2pHTymKysROKp8WqnP8KbLs7pinAubFERM9U
.google.com/recaptcha	1970-01-19 22:43:29	Name: _GRECAPTCHA Value: 09ANblmnjL58aPNoE8czl0aPQ0y_a32XSdbAAeSlR6qojn825JYL_yEanNs9rV4-ptMnd6HoX7SjM9bwn8S4P573g
.irctc.co.in/	1970-01-20 11:55:29	Name: _ga Value: GA1.3.1232543964.1621457207
.irctc.co.in/	1970-01-20 03:45:53	Name: __gads Value: ID=4336dfb88879354c-227640cc19c800e2:T=1621457212:S=ALNI_MYc8gnjfRz_FEH_JrU8UcQkcJDQCA
www.irctc.co.in/	1969-12-31 23:59:59	Name: et_app Value: 3f0da3836fcf3cc6ea5cc8a8daa2a51d634be71747103736a9ca759f5dd611a39ecd038b
www.irctc.co.in/	1969-12-31 23:59:59	Name: JSESSIONID Value: jkCGYYgE1zBazW_bA1v5UPNxfiX1ardbIHkppttKnWZLpkfl_945!2115200557
.irctc.co.in/	1970-01-19 18:25:43	Name: _gid Value: GA1.3.2012370895.1621457207

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

38a76fb5fba00ee610bed1625db3b3ec.safeframe.googlesyndication.com
a.tribalfusion.com
acdn.adnxs.com
ad.360yield.com
ad.doubleclick.net
ad.turn.com
ad4m.at
ade.googlesyndication.com
ads.betweendigital.com
ads.playground.xyz
ads.pubmatic.com
ads.servenobid.com
adservice.google.com
adservice.google.de
ams1-ib.adnxs.com
ap.lijit.com
api.adcropper.com
assistant.corover.mobi
aud.pubmatic.com
b1sync.zemanta.com
bh.contextweb.com
bidder.criteo.com
c.amazon-adsystem.com
c1.adform.net
cdn.adnxs.com
cdn.izooto.com
cdn.jsdelivr.net
cdn.truenotify.co.in
cm.adgrx.com
cm.g.doubleclick.net
cm.smadex.com
creativecdn.com
cricket.unibots.in
cs.admanmedia.com
cs.emxdgt.com
csync.loopme.me
d5p.de17a.com
de8e5ee2a78a71018086a69dab62ae46.safeframe.googlesyndication.com
dis.criteo.com
dmp.adform.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eu-u.openx.net
event.clientgear.com
fbe8bb0b908ca7d40cff028bfab4dd32.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
gum.criteo.com
hbopenbid.pubmatic.com
host.adcropper.com
ib.adnxs.com
id5-sync.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
irctc.co.in
jadserve.postrelease.com
loadm.exelator.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.taboola.com
maxcdn.bootstrapcdn.com
mwzeom.zeotap.com
newsbot-images.s3.ap-south-1.amazonaws.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-eu.rubiconproject.com
pixel-sync.sitescout.com
pixel.33across.com
pixel.advertising.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pro.ip-api.com
prod.perf-serving.com
public.servenobid.com
pubmatic-match.dotomi.com
rtb.gumgum.com
s.tribalfusion.com
s0.2mdn.net
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssl.connextra.com
stags.bluekai.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.crwdcntrl.net
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
t.myvisualiq.net
tag.1rx.io
tg.socdm.com
tpc.googlesyndication.com
trc.taboola.com
uipglob.semasio.net
uiresource.ap-south-1.linodeobjects.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
visitor.fiftyt.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.irctc.co.in
x.bidswitch.net
ade.googlesyndication.com
match.prod.bidr.io
sync.outbrain.com
www.irctc.co.in
103.252.142.18
103.252.142.19
104.109.91.205
13.225.74.46
13.32.18.121
142.250.181.226
142.250.186.162
146.59.148.16
151.101.113.108
151.101.114.49
159.253.128.183
162.55.6.211
169.197.150.7
172.105.34.228
172.217.16.134
172.217.23.98
178.250.0.163
178.250.2.131
178.62.202.251
18.192.249.156
18.195.155.181
18.196.210.39
18.198.126.47
185.183.112.148
185.184.8.30
185.29.132.69
185.33.221.53
185.33.223.178
185.64.189.110
185.64.189.112
185.64.189.114
185.64.190.106
185.64.190.78
185.64.190.80
185.64.190.81
185.86.137.122
188.165.4.142
188.42.191.196
193.0.160.128
193.122.130.38
198.148.27.140
199.232.137.44
2.18.233.180
2.18.234.21
2001:678:cb4:bbbb::11
202.241.208.56
213.155.156.184
213.19.147.43
213.19.147.45
216.52.2.39
23.23.2.159
23.45.99.241
2400:8901::f03c:92ff:fe35:a93f
2606:4700:10::ac43:db6
2606:4700:20::681a:bd1
2606:4700::6812:1275
2606:4700::6812:bcf
2606:4700::6812:d05
2606:4700::6812:d941
2620:116:800d:21:36a9:ecb:e518:b308
2620:1ec:bdf::45
2a00:1288:110:c305::8000
2a00:1450:4001:801::2001
2a00:1450:4001:801::200a
2a00:1450:4001:802::2004
2a00:1450:4001:803::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2003
2a00:1450:4001:812::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::2006
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2002
2a00:1450:400c:c0a::9a
2a02:2638::1c
2a02:2638::3
2a02:fa8:8806:12::1400
2a04:4e42:1b::621
3.123.143.157
3.126.56.137
34.98.107.212
35.158.172.137
35.201.96.126
35.201.99.35
35.227.248.159
35.244.159.8
37.157.4.39
37.157.6.241
38.27.122.158
40.80.84.221
47.252.78.131
50.16.38.94
51.77.64.70
51.89.9.251
52.208.103.128
52.210.177.43
52.219.64.115
52.28.254.214
52.48.175.241
52.57.38.160
54.197.13.220
54.36.109.22
66.155.71.150
67.202.110.23
69.173.144.139
70.42.32.191
72.251.241.196
76.223.111.131
77.243.60.138
85.114.159.93
88.214.206.247
018aa6c2e0d1313e708e22c4aba5b0a5ad6ece4f8ece4b8501debc87c114b0cd
02327590e52860efc310e8e16c0d9ae0abeab9f483aa8ad7fac4024113bdcdac
02876f916505c20e9872b65d4f62bb8809c926aa94cdd11b84c4f127ca6c641a
02a35d6531766e6921d1a3c3b1994c175fadff8fd2f35fd8eea6b70bf2dacaac
03d7f87c34bc2aa0ffbd948760039722f7493184d574473d337f5c4e085ea68e
05b1936a5e4229dc34d8e5fcfc22ce024634ea618687f37e31857402b27c4dba
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0859f5f9bf49348ef81d01f953d520c10a2a857961ef1bfad4a7903609889de5
0865528c771ae6033630bd8e6c1b60249d79e53f92339ea20d1b6f389e2b4cfc
096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3
0b81d076e8b22b1b2c5cc98c3412c156ec5aecd2852c4290f879cbf22decaf1f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fe057700147bf7539a0c065847ccbbb80e4e573dbafe7e7eecb19fc94f1f289
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1432a1af38e51bd8215b6becea2de244dd142d5dec579f0c85a7b83534422780
14be86ffc9beb3642db206634b75a577d2772567ea14130c69bd9191f226eeee
16293c5ed94c1b9bd6b602c130be9e4d02bc25613b8f2d6a1975317cc1416bd8
17b95caabc7f4cac62354765f40a304134dd0b09353b0b09619ecfbddcd48fa1
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1b95ffd8d5e131d47fa1a5ab65bca620eeef87328c413940cd60a9fbcedf4b74
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1ecc6a094d6e9c110e63a8f3289d521b1ee28515248b208f57f595154e11b9bd
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f714b5ce2002eef373b9fcdc8e5c391bcb360cf19f7ff7b4d41e14b3d948a47
1fb0140eac079c8f8cc4df2380db9cf976d01b110e68e3924d5dbee0c54bc430
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
239cf7acb6b194a9c983131ce7c82bc408f0979a0c76176c3cd24f8f4f8ff35f
239f1f05c3ebba6708774ad0398580f618d904f22eca47a83b601395c4debea2
276e9a0fb6373b681060de84821df4c64e55c292a6dc37e9891f9889efc47598
28549f53cbe4dfb25ff33fc47765fefa219b01f6d880a75feec968d8b74f9cab
292f24f8a4465ef95c3bec147a67791d5085a8240beff0356d3fabd0018b87e9
2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3
2ac878b0e2180616993b4b6aa71e61166fdc86c28d47e359d0ee537eb11d46d3
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2af7b320cb2908c9c52a5ed0895174676d88b8996cf17a7dd7d3f3d1a2d828a0
2bff0f98aff70baf392bd5b7bd43e6588eea24ea7de3b9b81ffc845fe5f5a535
2c6bc7986ddb2f4200fd8746008e1e7508da10d14c4546309b0ab6535c9b719b
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e0099f3f326288b347f6e1f67f4622eda7417ab7c411e8d781ab842d66dedc6
2f6547e86603102883b023902f44795c64b35b9254317ed8be9cc35f47097f07
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
36df4f7844b66a333259c67ac35e64f5c0820615434ba4949f404df24e61f295
38fa9ef0a9b1bfed89c84a815e2f827a690dd92cbdcda7a4f74f2020ccd9d7f3
3a84ba17099d6b1fb2021f0ab217c670c0151fe6f61f988b4c4e28846765d628
3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3e28e41cd6f9508da61a47f99e199d779b9ced82e3f7ef4788ffed2f0b4e7967
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f630a191b479def3ee0f7408cfec54c5e6cad83fec65155d68ef83dcd381714
3fea9b6530ccb2944060453d4a826b56816098e5028caf91f12a16b9614980c1
413dbaabe884bded8ca6f791212d7089fea725e70f77e6c61f8a728910e61103
414dd9d36ab19a5ea14293db8584fe6d1f3667025942854ded4848c307e1bdf0
4509ef735b369f8d697d500602850f0599474136b5c801391c47266aa524d4e4
4556324e0a6e2cd98c09f32a39834d14e1136fe5d8e06ba1f09220cbaf42c0fc
4763a80efee9456fcd92b943175bcdc64fcbe3425d30f607564f15ec73d8226b
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
4833ea19effcc4e63b391362c9fd83b5ba806692ade5412def93a492c32aee6c
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4a1dd8d5a99e4b6aa04aa0fefad87b3f7afada5b3e62ff80d4a889a9a6c155b2
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bdcba71062ad849da6c41bb9130977f59af71c1b82e4c397b193469ece62ad6
4c4be9efcd39de6ed3a5498332175149304ee037adeee3e14d6ec51a87cc1d97
4dc56c750713f32eca2279a7c5f231687bad8a0e061163190467c8b233f48075
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
54568136bcc231af9aa7f765a5593f06ed6396388015f4959ef7952f5fafc1ac
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54adb54e48c6d647681133688f66c9f6e95161f53b58397851841cf352c9c62a
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5afc4e04ff2f476323977f6db9d805219810fbc2182cac0cb19c3adeee03aec0
5b118d77e29b3349dabb0558a8713c02f37dc13d4628f060500dface300c66aa
5b6f3806c04b7c91d2ee5cf8f42b31343a9d33ea62ad9d0506cfa1be078477d3
5ed8e43c88fcddea19fc1ca953fa736916195f311463ed76b23bcf0a6254f1e5
5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5
5f99c5764db9c19a1d7acc7498d61cd306b11dd19d4ce2153d1025884d70abcd
61cd6b8219f6cc7f2a6f6640e246a0ab1a0890aff678ec2abcba309e3173dac0
61f9ce42c53fdcab7010fcedfb575b2f3836f00f76aaeb83b9b5d8aa8a77b628
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
682ecc95209fcac7d195c3eeadc180c38a51fe9205628fac34a5ccba28a5b7bb
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6898c733e938bf436c7be9f24dda28307663866f8f5390b7cce4459804047643
6a8df4de6ff47a99b7116cb698e5bdcf0fd102568ef368af8d0172c493bc7eb0
6ac9a9e3e04d6653f145649145db4bfa9bdcec85c8625459b975894fd42043d5
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cae9f6c94b05bc9ccb9a8e34190badac45e82f4fbe8db2fe25a4854c39edb20
6d348bbb96129c1ceac95e383423d00fe428e9bcd326d3926e6ef54f64188c24
6dd0ee64b020598ed3c8dda9213d7a631670bebe25b1b1d727548462bfeaa9b3
713c0ddf971e8d7b4930ec949704e93d662f48604f3813b0ebe83fb94032ecd2
72967c142241eb0efc02f6c9127e49adf998161a1dd347a306902f76ab062057
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74760e0cb345b1fbec60d76f803af9f5a41e820b9e1b9e832942bc1e3e8e04e7
74d955fc1fabc21de7667611927dae6d60804e5696684359564d897970095203
7689049185b048b9982a8a60c532b95c6ad4ea361db56788df938051ec25b5d0
76f386410779f4ebb5c79771e4d9a4448c0d00e5e47537098c0af7e6d5b98ad8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79aa74d9de150ee242cbdb7d30180d71cac35123b55a919cef4f1234da47fdbb
7b83d36c2baf82aa1cbc6d50979798b83f66c1225b998900a6a2fcb16062cf15
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83e9759b5b5cf1273f186fbb0ee5b079e9ab7e6146d4f8969622c78c48b0f8cb
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8600726486c2065e1f5c13a5f7fdeaff05ac6098bb5c6d9726e5f93f1e7ae345
87101792ede1eac8fe7244d22e4fbe4bf105f893fba3a0e2cdae30b51b1fae09
873de75e66b18a4bf70b8579573e016ad5a2bb002b61a0d86dde172c400af419
88d6097c7ba2f13047bedd278df6f7a530352beb534af2f3d94cd712f0711eb9
89dcc9961029d31f98e1fc5863a0918776b221a51c95d2adf4d4c4fdb056b3e4
8edcae1fb5a74e032763e7fdf6d3d6955e781a9f2ae6ef0d584c26020f8703be
8f0fcc561a2268e82f7168dee0444e4ff9c27cb341c72aa158fc689cd0fd49f1
94b328f86382cda7d83cebb40ee8dd8f567582a60ba91a90a37f490b0f0edefa
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9bc59ba16b8150e9bf32f1efb2e11630357c6aa1338190751be4d22442d500b2
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a312d2f0d58bf0f21f3faf9f7af6c9896ea1a53c0a924589a1463da9fae23743
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c0938e087a40c05a99d723eaf012958e03b048659bed9b36a2bc63f766d32b
a4c601ad7f985123c3c5370dcac8e5a3c0987502795f351d97fd9acb30fc82c5
a571f46b710739fcefbfd0c92ef6eb1b3e277cac22fdfa083cbd346679146805
a5c8ae3c191fb12089d3acbb0f46aba46cc3421ef524fa5d8f09b09b205de39c
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa175032adacd2fed8bd1f40a81bb9d811ae603113b133d34f53bcb629a4ef58
abe73d737072ffb8bb3b4e80fb6cbb254819601a29cbbd12f20a28b5c4bbf84b
ad35eab5d65725ea3bc3743e3497bae5800e47a8e6fab22dcd9f8a31c947f69e
af9eb3a938860edea7a76064cf555cdc116d01cd6c5944e8518cea1d9deeb9de
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f
b62fef7e1c8d30d7dd888f3359bb2dfce98f926cc1c2a8520ed60086a26460ca
b9e20cb67aca5164b559f59b7f110860d6901420c998d0a5ed229ed1fd78e79b
bb13b63631f53fbc96eed6a88d58ae5ff695ec556aa6581d1de71eaa3e56260a
bd2ab55f0c3f815827b29222e282e6d787daa928e68505f03f891d2ab5718d03
bde9c2949e64d059c18d8f93566a64dafc6d2e8e259a70322fb804831dfd0b5b
beb6d0da5eb35e3aa66d51f9b5185a3f97784cb777c205ae50fe314abf27136a
bfb107f4801aa4969678fc9bad4453da1e12e2f66b37a7d8281db13c36b52d1e
c273a20005937ca693fc9afebf33474f504712d1150b185c236d6f6826ef0d96
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
cb4fc7d329d51bbc323acde6a4e077fb3352be9bd5101796d12e91faf105a1d2
ccddc829527de4dc6824cc73b29e967fc460a156a6add5f8020c61f1b860874e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf968d97557bd0f7dbbb4d6ed7253a1b3f8370c9f9a0cb83d259f153f02afca8
cff247c4d6c20697eb3565e8cdce376842e41201d0e7a571e3649d1e92f7ed39
d1e591b3dbf6a3062e13ac83cbcf2eb65821ef63b5c838241e60596fbfe11e32
d40844db077cf9c3e60dec631716ee4ae1299fdb432bd3a21f18196fa59276d7
d496bd4394d421bab059ad0b5581d861d8a98fdd9f02adacf1057d521fd6e426
d4f87eb2fd81448ae30cbd4d65fb30d717d22e580ca7d481b8c3f7473318b7cc
d5286b6ef663cd4f98b325fc60fc518fa2b0ccb6e4a0aa7e3b3b8c8a93c35d02
d6995e199872a82d2fbdb8e629dc7cd2eb60c5669edac13c17838bef3e96a34b
d91aa6317b695abf60eef9b5621cd8345a28f04d3d4aedc985c431d9c972e699
daf38b5d72169883de2e4eed3beffe528148c1b6335c808595ec7b69d97f6deb
dc5d59a0349ad0786364da25af6d8778a5f1c301742ceead9ab2b8280af82826
dc96f70617608f71da10b3f4fa624a98a8543279c75ea9541e68c810201e4822
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e124fcba4a06960035cba11e44599628ac11bd60183915270787f1cace064597
e2792888d1b983c846b46bdab69478b811ff6ec9442c68c7156a23b0d2219c23
e381638d5bd35819b15f603159edcf4cf7905a34e5bd8751f01faa2c34228c2d
e393e1e3b916c47156ee3940141442fb6a3efc765a4b58dc3adfe6584f351f36
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8814fe4bc278b01a362b4e0aa06913b4326335a6a5a2d1e72ee57645a154a8b
e98658483128da010fbc23272d4320c9479bd70007deaae6b672a8b7ef04b490
eca8ad1e88fee72245cbbf5eb69f30be15a4132694e4eeb85bfb0986d56d6e75
ed8fbef7f77598c4d97e103ba0fb20e0b06ea664811a770ed6428e03f9246e64
ee8f2a6ea8c02259b3f4d068d0607f92ba9cd2a6f06d915ca317b75a39676932
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0eabb8312618555324ba8ad7f6244e0817878a9902750c92d24528b1167f75c
f3a1b478a42f1cfb0bfd7cf614c800435e4e74f81d609169f8f819e89bc689e6
f459a3a2ed70ae6454d0ce1e993ad13c43d8f470414a6387f41f7df58213a614
f49b1d1bd49f5c61c93e08dc9b8427ae046c513af8ce30fa8d04162bb6f5b9df
f6af3db7d41a1b933cd4c023feed331559344d4243bba394e2b1c14a6b1c42c0
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fa29c173adfc834999cb48bd87edbde6359640538006567a662bd55ec11406ab
fc0f005ccc24ffbf3e9a28e80c654ec09f958f2240b024e2b68152f303366d64

www.irctc.co.in Open in urlscan Pro 103.252.142.18 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

484 Requests

99 %HTTPS

28 %IPv6

92 Domains

131 Subdomains

82 IPs

13 Countries

6146 kBTransfer

12904 kBSize

7 Cookies

76 Outgoing links

Page URL History

Redirected requests

484 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.irctc.co.in Open in urlscan Pro
103.252.142.18 Public Scan

Screenshot
Live screenshot

Full Image

484
Requests

99 %
HTTPS

28 %
IPv6

92
Domains

131
Subdomains

82
IPs

13
Countries

6146 kB
Transfer

12904 kB
Size

7
Cookies

484 HTTP transactions
6 data transactions