anotepad.com Open in urlscan Pro
207.244.104.157 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://anotepad.com/notes/exc8ajpf
Submission: On October 17 via manual (October 17th 2021, 12:49:23 am UTC) from US — Scanned from DE

Summary HTTP 321 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 86 IPs in 10 countries across 99 domains to perform 321 HTTP transactions. The main IP is 207.244.104.157, located in Alexandria, United States and belongs to LEASEWEB-USA-WDC, US. The main domain is anotepad.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on December 20th 2020. Valid for: a year.

This is the only time anotepad.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	207.244.104.157 207.244.104.157	30633 (LEASEWEB-...) (LEASEWEB-USA-WDC)
1	216.58.212.136 216.58.212.136	15169 (GOOGLE) (GOOGLE)
2	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	13.225.87.30 13.225.87.30	16509 (AMAZON-02) (AMAZON-02)
7	104.26.1.139 104.26.1.139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.170 142.250.186.170	15169 (GOOGLE) (GOOGLE)
4	104.75.88.126 104.75.88.126	16625 (AKAMAI-AS) (AKAMAI-AS)
2	142.250.186.142 142.250.186.142	15169 (GOOGLE) (GOOGLE)
1	2.18.235.40 2.18.235.40	16625 (AKAMAI-AS) (AKAMAI-AS)
1	64.233.166.154 64.233.166.154	15169 (GOOGLE) (GOOGLE)
5	35.201.71.192 35.201.71.192	15169 (GOOGLE) (GOOGLE)
1 4	172.217.23.100 172.217.23.100	15169 (GOOGLE) (GOOGLE)
1 4	13.225.87.102 13.225.87.102	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
4	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1 1	104.21.192.118 104.21.192.118	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.26.7.139 104.26.7.139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1 3	142.250.184.198 142.250.184.198	15169 (GOOGLE) (GOOGLE)
1	172.67.69.19 172.67.69.19	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	130.211.23.194 130.211.23.194	15169 (GOOGLE) (GOOGLE)
3	13.225.87.65 13.225.87.65	16509 (AMAZON-02) (AMAZON-02)
3 7	91.228.74.226 91.228.74.226	16509 (AMAZON-02) (AMAZON-02)
1	13.224.194.76 13.224.194.76	16509 (AMAZON-02) (AMAZON-02)
9	35.158.37.68 35.158.37.68	16509 (AMAZON-02) (AMAZON-02)
6	3.214.91.80 3.214.91.80	14618 (AMAZON-AES) (AMAZON-AES)
10	35.157.246.167 35.157.246.167	16509 (AMAZON-02) (AMAZON-02)
2	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	52.48.144.237 52.48.144.237	16509 (AMAZON-02) (AMAZON-02)
2	18.192.135.64 18.192.135.64	16509 (AMAZON-02) (AMAZON-02)
4 10	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
2	184.31.84.150 184.31.84.150	16625 (AKAMAI-AS) (AKAMAI-AS)
5	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
2	213.19.162.61 213.19.162.61	3356 (LEVEL3) (LEVEL3)
18	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
6	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
2	52.57.27.215 52.57.27.215	16509 (AMAZON-02) (AMAZON-02)
1	13.224.193.5 13.224.193.5	16509 (AMAZON-02) (AMAZON-02)
8	63.33.113.238 63.33.113.238	16509 (AMAZON-02) (AMAZON-02)
2	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
1 1	54.90.48.240 54.90.48.240	14618 (AMAZON-AES) (AMAZON-AES)
17 41	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
7 12	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
6 7	3.127.178.105 3.127.178.105	16509 (AMAZON-02) (AMAZON-02)
1 1	46.228.164.13 46.228.164.13	56396 (AMOBEE) (AMOBEE)
6 6	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4 4	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
1 1	64.58.232.179 64.58.232.179	13649 (ASN-VINS) (ASN-VINS)
1	69.169.86.39 69.169.86.39	29838 (AMC) (AMC)
4 6	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	107.178.240.89 107.178.240.89	15169 (GOOGLE) (GOOGLE)
14	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
4	142.250.185.193 142.250.185.193	15169 (GOOGLE) (GOOGLE)
2	178.250.2.130 178.250.2.130	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.2.146 178.250.2.146	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 20	142.250.185.97 142.250.185.97	15169 (GOOGLE) (GOOGLE)
1	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
1 1	52.3.207.70 52.3.207.70	14618 (AMAZON-AES) (AMAZON-AES)
3 3	213.155.156.169 213.155.156.169	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
1 1	13.224.193.29 13.224.193.29	16509 (AMAZON-02) (AMAZON-02)
1 1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	185.86.138.132 185.86.138.132	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	37.9.245.57 37.9.245.57	16345 (BEE-AS Ru...) (BEE-AS Russia)
1	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
1	142.250.185.65 142.250.185.65	15169 (GOOGLE) (GOOGLE)
2 4	159.253.128.183 159.253.128.183	36351 (SOFTLAYER) (SOFTLAYER)
2 2	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
1	3.115.67.144 3.115.67.144	16509 (AMAZON-02) (AMAZON-02)
3 3	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
1 3	104.18.12.5 104.18.12.5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	64.202.112.31 64.202.112.31	23352 (SERVERCEN...) (SERVERCENTRAL)
2 2	216.52.2.39 216.52.2.39	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1 1	54.93.151.69 54.93.151.69	16509 (AMAZON-02) (AMAZON-02)
3	2.18.233.180 2.18.233.180	() ()
2	104.109.78.125 104.109.78.125	() ()
2 19	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2.18.232.130 2.18.232.130	() ()
1	67.202.105.23 67.202.105.23	() ()
7 8	18.185.143.19 18.185.143.19	() ()
2 2	52.71.90.26 52.71.90.26	() ()
6 6	3.120.29.221 3.120.29.221	() ()
2 2	18.198.220.83 18.198.220.83	() ()
16 16	52.16.151.94 52.16.151.94	() ()
2 24	185.64.190.80 185.64.190.80	() ()
3 3	198.148.27.140 198.148.27.140	() ()
3	185.86.137.110 185.86.137.110	() ()
5 6	37.157.4.25 37.157.4.25	() ()
1 1	13.225.87.28 13.225.87.28	() ()
1 1	178.250.2.151 178.250.2.151	() ()
1 1	85.114.159.93 85.114.159.93	() ()
1 1	162.55.6.212 162.55.6.212	() ()
3 3	213.19.147.44 213.19.147.44	() ()
1 1	94.23.73.243 94.23.73.243	() ()
1	72.251.241.196 72.251.241.196	() ()
1	104.26.10.209 104.26.10.209	() ()
1 2	151.101.1.44 151.101.1.44	() ()
1	38.91.45.7 38.91.45.7	() ()
3	185.64.189.114 185.64.189.114	() ()
1 1	146.59.148.16 146.59.148.16	() ()
1 3	172.67.13.182 172.67.13.182	() ()
1 2	212.82.100.176 212.82.100.176	() ()
1	34.98.67.61 34.98.67.61	() ()
1	89.207.16.140 89.207.16.140	() ()
2 2	66.155.71.150 66.155.71.150	() ()
1 1	46.228.164.11 46.228.164.11	() ()
1 1	178.62.202.251 178.62.202.251	() ()
1 1	34.98.107.212 34.98.107.212	() ()
1 1	185.33.221.53 185.33.221.53	() ()
1	52.18.52.16 52.18.52.16	() ()
4	104.16.201.58 104.16.201.58	() ()
2 4	209.54.176.128 209.54.176.128	() ()
2 3	104.111.242.53 104.111.242.53	() ()
1 1	50.16.141.46 50.16.141.46	() ()
2 4	54.208.142.27 54.208.142.27	() ()
1 1	193.0.160.129 193.0.160.129	() ()
1 1	54.90.144.255 54.90.144.255	() ()
4 7	69.173.144.139 69.173.144.139	() ()
1	87.248.118.22 87.248.118.22	() ()
4	104.16.63.54 104.16.63.54	() ()
1 1	38.27.122.158 38.27.122.158	() ()
2 2	35.201.96.126 35.201.96.126	() ()
1	185.64.189.229 185.64.189.229	() ()
1 2	77.243.60.138 77.243.60.138	() ()
1 2	34.192.120.237 34.192.120.237	() ()
1 1	52.202.13.238 52.202.13.238	() ()
321	86

2 207.244.104.157 (Alexandria, United States)

ASN30633 (LEASEWEB-USA-WDC, US)
PTR: anotepad.com

anotepad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.136 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.225.87.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-30.fra2.r.cloudfront.net

cdn.anotepad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.26.1.139 (United States)

ASN13335 (CLOUDFLARENET, US)

a.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.75.88.126 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-88-126.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.40 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-40.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.233.166.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wm-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.201.71.192 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 192.71.201.35.bc.googleusercontent.com

d.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.pub.network	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.23.100 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.225.87.102 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-102.fra2.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.192.118 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

freestar-io.videoplayerhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.7.139 (United States)

ASN13335 (CLOUDFLARENET, US)

btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.198 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.69.19 (United States)

ASN13335 (CLOUDFLARENET, US)

ad-delivery.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.23.194 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.87.65 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-65.fra2.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 91.228.74.226 (United Kingdom) 3 redirects

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.194.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-76.fra2.r.cloudfront.net

dggaenaawxe8z.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 35.158.37.68 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.214.91.80 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-91-80.compute-1.amazonaws.com

mantodea.mantisadnetwork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ecs.mantisadnetwork.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 35.157.246.167 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.48.144.237 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-144-237.eu-west-1.compute.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.192.135.64 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-135-64.eu-central-1.compute.amazonaws.com

grid.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.33.221.87 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.31.84.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.162.61 (United Kingdom)

ASN3356 (LEVEL3, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

freestar-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eu-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.27.215 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-27-215.eu-central-1.compute.amazonaws.com

uat5-b.investingchannel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-5.fra2.r.cloudfront.net

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 63.33.113.238 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

consumer.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.90.48.240 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-48-240.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 142.250.186.130 (United States) 17 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 76.223.111.131 (United States) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 3.127.178.105 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-178-105.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.13 (United Kingdom) 1 redirects

ASN56396 (AMOBEE, GB)

d.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.29.132.245 (United Kingdom) 6 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.2.49 (United States) 4 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.58.232.179 (United States) 1 redirects

ASN13649 (ASN-VINS, US)

global.ib-ibi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.169.86.39 (Cranford, United States)

ASN29838 (AMC, US)

ib.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.189.115 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.240.89 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 89.240.178.107.bc.googleusercontent.com

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.193 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f1.1e100.net

65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.130 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.2.146 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 142.250.185.97 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.3.207.70 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-207-70.compute-1.amazonaws.com

fksnk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.155.156.169 (Uppsala, Sweden) 3 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-169.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.193.29 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-224-193-29.fra2.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.138.132 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.9.245.57 (Russian Federation) 1 redirects

ASN16345 (BEE-AS Russia, RU)

google.ops.beeline.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.65 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f1.1e100.net

lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 159.253.128.183 (Amsterdam, Netherlands) 2 redirects

ASN36351 (SOFTLAYER, US)
PTR: b7.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.253.211 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.115.67.144 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-115-67-144.ap-northeast-1.compute.amazonaws.com

cc.adingo.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.156.0.31 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.18.12.5 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.31 (United States) 2 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.39 (United States) 2 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.93.151.69 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-151-69.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.233.180 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.78.125 (None, )

ASN- ()

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.130 (None, )

ASN- ()

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.23 (None, )

ASN- ()

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.185.143.19 (None, ) 7 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.71.90.26 (None, ) 2 redirects

ASN- ()

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.120.29.221 (None, ) 6 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.220.83 (None, ) 2 redirects

ASN- ()

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 52.16.151.94 (None, ) 16 redirects

ASN- ()

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 185.64.190.80 (None, ) 2 redirects

ASN- ()

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 198.148.27.140 (None, ) 3 redirects

ASN- ()

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.137.110 (None, )

ASN- ()

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.4.25 (None, ) 5 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.28 (None, ) 1 redirects

ASN- ()

cm.smadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.151 (None, ) 1 redirects

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.55.6.212 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (None, ) 3 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.73.243 (None, ) 1 redirects

ASN- ()

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.241.196 (None, )

ASN- ()

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.10.209 (None, )

ASN- ()

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.44 (None, ) 1 redirects

ASN- ()

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.91.45.7 (None, )

ASN- ()

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.114 (None, )

ASN- ()

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.148.16 (None, ) 1 redirects

ASN- ()

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.13.182 (None, ) 1 redirects

ASN- ()

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.82.100.176 (None, ) 1 redirects

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (None, )

ASN- ()

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.207.16.140 (None, )

ASN- ()

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.150 (None, ) 2 redirects

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.228.164.11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.202.251 (None, ) 1 redirects

ASN- ()

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.107.212 (None, ) 1 redirects

ASN- ()

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.53 (None, ) 1 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.52.16 (None, )

ASN- ()

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.201.58 (None, )

ASN- ()

pixel.yabidos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 209.54.176.128 (None, ) 2 redirects

ASN- ()

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.242.53 (None, ) 2 redirects

ASN- ()

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.16.141.46 (None, ) 1 redirects

ASN- ()

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.208.142.27 (None, ) 2 redirects

ASN- ()

um2.eqads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (None, ) 1 redirects

ASN- ()

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.90.144.255 (None, ) 1 redirects

ASN- ()

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 69.173.144.139 (None, ) 4 redirects

ASN- ()

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.248.118.22 (None, )

ASN- ()

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.63.54 (None, )

ASN- ()

pre.glotgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.158 (None, ) 1 redirects

ASN- ()

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (None, ) 2 redirects

ASN- ()

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.229 (None, )

ASN- ()

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (None, ) 1 redirects

ASN- ()

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.192.120.237 (None, ) 1 redirects

ASN- ()

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.13.238 (None, ) 1 redirects

ASN- ()

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	doubleclick.net 18 redirects stats.g.doubleclick.net securepubads.g.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net googleads.g.doubleclick.net	190 KB
37	pubmatic.com hbopenbid.pubmatic.com Failed image6.pubmatic.com ads.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com simage4.pubmatic.com aud.pubmatic.com	59 KB
35	googlesyndication.com 1 redirects 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	284 KB
20	openx.net 2 redirects freestar-d.openx.net rtb.openx.net eu-u.openx.net us-u.openx.net	5 KB
17	krxd.net 1 redirects cdn.krxd.net beacon.krxd.net consumer.krxd.net usermatch.krxd.net	178 KB
17	casalemedia.com 2 redirects htlb.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com	26 KB
16	bidr.io 16 redirects match.prod.bidr.io	8 KB
16	yahoo.com 4 redirects c2shb.ssp.yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com ads.yahoo.com	9 KB
13	adnxs.com 5 redirects ib.adnxs.com acdn.adnxs.com secure.adnxs.com	59 KB
12	adsrvr.org 7 redirects match.adsrvr.org	5 KB
12	pub.network a.pub.network d.pub.network c.pub.network	353 KB
11	rubiconproject.com 4 redirects fastlane.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com pixel.rubiconproject.com	16 KB
10	bidswitch.net 7 redirects grid.bidswitch.net x.bidswitch.net	4 KB
10	sharethrough.com 1 redirects btlr.sharethrough.com match.sharethrough.com	1 KB
8	anotepad.com anotepad.com cdn.anotepad.com	26 KB
7	eyeota.net 6 redirects ps.eyeota.net	4 KB
7	quantserve.com 3 redirects secure.quantserve.com pixel.quantserve.com cms.quantserve.com	11 KB
6	adform.net 5 redirects c1.adform.net	3 KB
6	w55c.net 6 redirects pm.w55c.net	5 KB
6	mathtag.com 6 redirects sync.mathtag.com	3 KB
6	33across.com ssc.33across.com ssc-cms.33across.com	909 B
6	mantisadnetwork.com mantodea.mantisadnetwork.com ecs.mantisadnetwork.com	2 KB
6	google.com 1 redirects www.google.com adservice.google.com	2 KB
5	criteo.com 1 redirects bidder.criteo.com gum.criteo.com dis.criteo.com	6 KB
4	glotgrx.com pre.glotgrx.com	583 B
4	eqads.com 2 redirects um2.eqads.com	1 KB
4	amazon-adsystem.com 2 redirects s.amazon-adsystem.com	3 KB
4	yabidos.com pixel.yabidos.com	50 KB
4	indexww.com js-sec.indexww.com	4 KB
4	simpli.fi 2 redirects um.simpli.fi	2 KB
4	smartadserver.com 1 redirects ssbsync.smartadserver.com rtb-csync.smartadserver.com	945 B
4	everesttech.net 4 redirects sync-tm.everesttech.net	962 B
4	googletagservices.com www.googletagservices.com	138 KB
4	scorecardresearch.com 1 redirects sb.scorecardresearch.com	3 KB
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	zeotap.com 1 redirects spl.zeotap.com mwzeom.zeotap.com	1 KB
3	contextweb.com 3 redirects bh.contextweb.com	1 KB
3	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	2 KB
3	de17a.com 3 redirects d5p.de17a.com	1014 B
3	rlcdn.com idsync.rlcdn.com id.rlcdn.com	462 B
3	adlightning.com tagan.adlightning.com	73 KB
3	addthis.com s7.addthis.com m.addthis.com	140 KB
2	audrte.com 1 redirects a.audrte.com	1 KB
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com	1 KB
2	sitescout.com 2 redirects pixel-sync.sitescout.com	947 B
2	taboola.com 1 redirects trc.taboola.com match.taboola.com	558 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com	1 KB
2	stackadapt.com 2 redirects sync.srv.stackadapt.com	909 B
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com	1 KB
2	criteo.net static.criteo.net	55 KB
2	mookie1.com ib.mookie1.com odr.mookie1.com	2 KB
2	turn.com 2 redirects d.turn.com ad.turn.com	968 B
2	investingchannel.com uat5-b.investingchannel.com	445 B
2	yieldmo.com ads.yieldmo.com	443 B
2	btloader.com btloader.com api.btloader.com	23 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	googleapis.com ajax.googleapis.com	100 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com	32 KB
1	ipredictive.com 1 redirects sync.ipredictive.com	522 B
1	bnmla.com 1 redirects match.bnmla.com	917 B
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com	382 B
1	rfihub.com 1 redirects p.rfihub.com	779 B
1	advangelists.com 1 redirects nep.advangelists.com	232 B
1	gumgum.com rtb.gumgum.com	238 B
1	playground.xyz 1 redirects ads.playground.xyz	485 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	550 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	onaudience.com 1 redirects pixel.onaudience.com	400 B
1	deepintent.com match.deepintent.com	44 B
1	ad4m.at ad4m.at	915 B
1	adgrx.com cm.adgrx.com	408 B
1	erne.co 1 redirects green.erne.co	326 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	535 B
1	loopme.me 1 redirects csync.loopme.me	217 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	smadex.com 1 redirects cm.smadex.com	526 B
1	adingo.jp cc.adingo.jp	44 B
1	googleusercontent.com lh6.googleusercontent.com	267 KB
1	gstatic.com www.gstatic.com	12 KB
1	beeline.ru 1 redirects google.ops.beeline.ru	761 B
1	media.net 1 redirects cs.media.net	1 KB
1	smaato.net 1 redirects s.ad.smaato.net	438 B
1	fksnk.com 1 redirects fksnk.com	617 B
1	2mdn.net s0.2mdn.net	99 KB
1	pro-market.net 1 redirects fei.pro-market.net	326 B
1	ib-ibi.com 1 redirects global.ib-ibi.com	489 B
1	bluekai.com 1 redirects stags.bluekai.com	712 B
1	quantcount.com rules.quantcount.com	1 KB
1	cloudfront.net dggaenaawxe8z.cloudfront.net	3 KB
1	ad-delivery.net ad-delivery.net	924 B
1	videoplayerhub.com 1 redirects freestar-io.videoplayerhub.com	519 B
1	pghub.io pghub.io	2 KB
1	addthisedge.com v1.addthisedge.com	325 B
1	moatads.com z.moatads.com	1 KB
1	googletagmanager.com www.googletagmanager.com	38 KB
0	netmng.com Failed google2waycm.netmng.com Failed
321	99

	Domain	Requested by
39	cm.g.doubleclick.net	17 redirects 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com eu-u.openx.net
20	tpc.googlesyndication.com	1 redirects anotepad.com 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com tagan.adlightning.com tpc.googlesyndication.com
16	match.prod.bidr.io	16 redirects
15	simage2.pubmatic.com	ads.pubmatic.com
12	match.adsrvr.org	7 redirects eu-u.openx.net ssum-sec.casalemedia.com
11	dsum-sec.casalemedia.com	2 redirects ssum-sec.casalemedia.com um2.eqads.com
11	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com
10	eu-u.openx.net	a.pub.network eu-u.openx.net
10	ib.adnxs.com	4 redirects a.pub.network acdn.adnxs.com
10	c2shb.ssp.yahoo.com	a.pub.network
9	image2.pubmatic.com	2 redirects ads.pubmatic.com
9	btlr.sharethrough.com	a.pub.network
8	x.bidswitch.net	7 redirects
8	beacon.krxd.net	cdn.krxd.net
7	ps.eyeota.net	6 redirects
7	a.pub.network	anotepad.com a.pub.network tagan.adlightning.com
6	c1.adform.net	5 redirects ads.pubmatic.com
6	us-u.openx.net	eu-u.openx.net
6	pm.w55c.net	6 redirects
6	image6.pubmatic.com	4 redirects ads.pubmatic.com
6	sync.mathtag.com	6 redirects
6	cdn.krxd.net	anotepad.com cdn.krxd.net tagan.adlightning.com
6	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net anotepad.com
6	cdn.anotepad.com	anotepad.com cdn.anotepad.com
5	ssc.33across.com	a.pub.network
4	pre.glotgrx.com	mantodea.mantisadnetwork.com
4	token.rubiconproject.com	4 redirects
4	um2.eqads.com	2 redirects ssum-sec.casalemedia.com
4	s.amazon-adsystem.com	2 redirects ssum-sec.casalemedia.com
4	pixel.yabidos.com	mantodea.mantisadnetwork.com pixel.yabidos.com
4	ssum-sec.casalemedia.com	js-sec.indexww.com ssum-sec.casalemedia.com
4	js-sec.indexww.com	a.pub.network ssum-sec.casalemedia.com
4	um.simpli.fi	2 redirects ads.pubmatic.com
4	65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net tagan.adlightning.com
4	sync-tm.everesttech.net	4 redirects
4	c.pub.network	a.pub.network
4	pixel.quantserve.com	3 redirects
4	mantodea.mantisadnetwork.com	a.pub.network
4	www.googletagservices.com	a.pub.network 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
4	sb.scorecardresearch.com	1 redirects a.pub.network
4	www.google.com	1 redirects anotepad.com tagan.adlightning.com 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
3	pixel.rubiconproject.com
3	px.owneriq.net	2 redirects ssum-sec.casalemedia.com
3	rtb-csync.smartadserver.com	eu-u.openx.net ads.pubmatic.com
3	bh.contextweb.com	3 redirects
3	ads.pubmatic.com	a.pub.network ads.pubmatic.com
3	ups.analytics.yahoo.com	3 redirects
3	d5p.de17a.com	3 redirects
3	tagan.adlightning.com	a.pub.network tagan.adlightning.com
3	ad.doubleclick.net	1 redirects 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
2	a.audrte.com	1 redirects
2	uipglob.semasio.net	1 redirects
2	visitor.fiftyt.com	2 redirects
2	ecs.mantisadnetwork.com	mantodea.mantisadnetwork.com
2	pixel-sync.sitescout.com	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects ads.pubmatic.com
2	mwzeom.zeotap.com	ads.pubmatic.com
2	image4.pubmatic.com	ads.pubmatic.com
2	sync.1rx.io	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	sync.srv.stackadapt.com	2 redirects
2	acdn.adnxs.com	a.pub.network
2	eus.rubiconproject.com	a.pub.network eus.rubiconproject.com
2	ap.lijit.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	a.tribalfusion.com	1 redirects ads.pubmatic.com
2	rtb.openx.net	2 redirects
2	cms.quantserve.com	65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
2	googleads.g.doubleclick.net	65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
2	gum.criteo.com	tagan.adlightning.com gum.criteo.com
2	static.criteo.net	a.pub.network static.criteo.net
2	adservice.google.com	tagan.adlightning.com
2	idsync.rlcdn.com
2	consumer.krxd.net	cdn.krxd.net
2	uat5-b.investingchannel.com	dggaenaawxe8z.cloudfront.net
2	freestar-d.openx.net	a.pub.network
2	fastlane.rubiconproject.com	a.pub.network
2	htlb.casalemedia.com	a.pub.network
2	grid.bidswitch.net	a.pub.network
2	ads.yieldmo.com	a.pub.network
2	bidder.criteo.com	a.pub.network
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	s7.addthis.com	anotepad.com s7.addthis.com
2	ajax.googleapis.com	anotepad.com
2	stackpath.bootstrapcdn.com	anotepad.com
2	anotepad.com	ajax.googleapis.com
1	sync.ipredictive.com	1 redirects
1	aud.pubmatic.com
1	match.bnmla.com	1 redirects
1	simage4.pubmatic.com	ads.pubmatic.com
1	id.rlcdn.com
1	ads.yahoo.com
1	beacon.lynx.cognitivlabs.com	1 redirects
1	p.rfihub.com	1 redirects
1	nep.advangelists.com	1 redirects
1	rtb.gumgum.com	ads.pubmatic.com
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	match.adsby.bidtheatre.com	1 redirects
1	ad.turn.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	odr.mookie1.com	ads.pubmatic.com
1	spl.zeotap.com	1 redirects
1	pixel.onaudience.com	1 redirects
1	match.deepintent.com	ads.pubmatic.com
1	match.taboola.com	ads.pubmatic.com
1	trc.taboola.com	1 redirects
1	ad4m.at	ads.pubmatic.com
1	cm.adgrx.com	ads.pubmatic.com
1	green.erne.co	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	csync.loopme.me	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	1 redirects
1	cm.smadex.com	1 redirects
1	ssc-cms.33across.com	a.pub.network
1	match.sharethrough.com	1 redirects
1	s.tribalfusion.com
1	cc.adingo.jp	65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
1	lh6.googleusercontent.com	65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
1	www.gstatic.com	65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
1	google.ops.beeline.ru	1 redirects
1	ssbsync.smartadserver.com	1 redirects
1	cs.media.net	1 redirects
1	s.ad.smaato.net	1 redirects
1	fksnk.com	1 redirects
1	s0.2mdn.net	65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
1	googleads4.g.doubleclick.net	anotepad.com
1	fei.pro-market.net	1 redirects
1	ib.mookie1.com
1	global.ib-ibi.com	1 redirects
1	d.turn.com	1 redirects
1	stags.bluekai.com	1 redirects
1	usermatch.krxd.net	1 redirects
1	rules.quantcount.com	secure.quantserve.com
1	dggaenaawxe8z.cloudfront.net	tagan.adlightning.com
1	secure.quantserve.com	tagan.adlightning.com
1	api.btloader.com	freestar-io.videoplayerhub.com
1	ad-delivery.net
1	btloader.com
1	freestar-io.videoplayerhub.com	1 redirects
1	pghub.io	a.pub.network
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	d.pub.network	a.pub.network
1	stats.g.doubleclick.net	www.google-analytics.com
1	z.moatads.com	s7.addthis.com
1	www.googletagmanager.com	anotepad.com
0	google2waycm.netmng.com Failed	65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
0	hbopenbid.pubmatic.com Failed	a.pub.network
321	150

This site contains links to these domains. Also see Links.

Domain
freestar.com
174.138.25.6
apps.apple.com
play.google.com
www.gotresumebuilder.com
www.gotfreefax.com
www.adlightning.com

Subject Issuer	Validity	Valid
anotepad.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-20` - `2022-01-20`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
*.anotepad.com Amazon	`2021-03-02` - `2022-03-31`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-27`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-01-21` - `2022-01-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.pub.network Go Daddy Secure Certificate Authority - G2	`2021-03-17` - `2022-04-18`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2021-02-09` - `2022-02-16`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
api.btloader.com GTS CA 1D4	`2021-08-28` - `2021-11-26`	3 months	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.mantisadnetwork.com Amazon	`2021-10-14` - `2022-11-11`	a year	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-14` - `2022-04-06`	6 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
*.yieldmo.com Amazon	`2021-05-25` - `2022-06-23`	a year	crt.sh
grid.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2021-09-27` - `2022-10-23`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2021-09-28` - `2021-12-27`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
cdn.krxd.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-02-08` - `2022-02-07`	a year	crt.sh
*.investingchannel.com Go Daddy Secure Certificate Authority - G2	`2020-05-26` - `2022-06-01`	2 years	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
consumer.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-13` - `2022-07-12`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.eyeota.net R3	`2021-08-27` - `2021-11-25`	3 months	crt.sh
ib.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-14` - `2022-11-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-09` - `2021-12-07`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.adingo.jp DigiCert TLS RSA SHA256 2020 CA1	`2021-03-26` - `2022-04-14`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-24` - `2022-03-26`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
*.pbp.bf2.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-18` - `2021-11-17`	3 months	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2021-01-29` - `2022-02-02`	a year	crt.sh
um3.eqads.com Amazon	`2021-06-26` - `2022-07-25`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-09-27` - `2021-11-17`	2 months	crt.sh
*.glotgrx.com Go Daddy Secure Certificate Authority - G2	`2020-12-14` - `2022-01-12`	a year	crt.sh
*.semasio.net GlobalSign GCC R3 DV TLS CA 2020	`2021-03-09` - `2022-04-10`	a year	crt.sh
*.audrte.com Amazon	`2021-01-26` - `2022-02-24`	a year	crt.sh

This page contains 49 frames:

Primary Page: https://anotepad.com/notes/exc8ajpf
Frame ID: FA215EE7AF36E135FF46025D5D390F5F
Requests: 111 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 26D30ACD8FC89956A42826DD42832F31
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: E092F8ACDCC5BD57AC29E72E79F62419
Requests: 1 HTTP requests in this frame

Frame: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Frame ID: 0F279A915E7CC0704705994A902F3DF0
Requests: 15 HTTP requests in this frame

Frame: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 73DE2B0E23C8DF93D62BA57A4670A22B
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=anotepad.com
Frame ID: FF1D3F2F2E3293CA462F4471836971D8
Requests: 2 HTTP requests in this frame

Frame: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1033C27EB74747ED6ADC0C8C7A98647B
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A8BC4AA63DC963416A7F3F098E25B71D
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: ABC17D2D527BF49D4A5D9B90B8CA4660
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 27F01523D973F41EC2CDBBD1D961F773
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3CE6639DE18115E0AC5A502DD167E629
Requests: 2 HTTP requests in this frame

Frame: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 62E6521DE3C6EB597CB78D8900885C89
Requests: 13 HTTP requests in this frame

Frame: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 898F84B8D1F45D4D281A98E2D4A7CDAE
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 24299C02106A4C686509CFCFD78CBDA3
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DA3A27FBD50097C257F4DB3AEEE099B2
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 660D69A58717723F63E6B09AE34F16E9
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 92908BED889FEC0DBE38E453041ABCDD
Requests: 24 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 5CCCB0D0CD15886F04E245F8DB92CDFD
Requests: 10 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Frame ID: 03D30F9E96CC7097E3F279334C3C39E9
Requests: 11 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 9085A16CBEE856F631C7AFAAD4D111C5
Requests: 1 HTTP requests in this frame

Frame: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Frame ID: D696B8162E5AD2D70304DA5BF7DAA51C
Requests: 11 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 3264290324F06CC63F1DC84E8404F38E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 4DE12BFD17D4A73AD57D2391603452AB
Requests: 3 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=cNQLIgg3Or7iD1aKlKyvbs&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 29B1A02D85795C555E4A5586E0F9AB0D
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 2472899CD4D7D7AD6B5E6241200737B4
Requests: 3 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752041&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Frame ID: 7AC46B4BCFD57F6B69201394271049D1
Requests: 6 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A622E725DA200964C7D2D7640AFC6C19
Requests: 7 HTTP requests in this frame

Frame: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752056&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Frame ID: 6E53A573835FF27E263F7E338D9AE444
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 457F2ACD98A5A9035C50045E0BA007F9
Requests: 9 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 3B858C2DE7544B81962475369212EF70
Requests: 9 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=66232E30-42A6-4224-8517-A35A018D9163
Frame ID: 0E441B3EABCA9B9F58A0BED4C98330E0
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5628855933545395795
Frame ID: 5979ACBCA6BB7B1D20BE005E8AC6FD2F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: 5320E50AAA1F41F0EADD8224771AC63A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7019830952449669271
Frame ID: D1A5BA2B9D61B379B4F9DC50E11FC5A6
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Frame ID: DA135A16CF34C9014B72A6F5F5D27344
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Frame ID: 34177AE3D700C3F12575696E415455A9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003
Frame ID: 67911019D21CE8A8E06FE3AB49442ED5
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=nZacCvJfQuKDelkq271YXqMR
Frame ID: B092752664BE2AA8E3AA91917C2A83C3
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 609627A4C4BE0FC3726ACFA3833837B1
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
Frame ID: C2CE448ED132E0BABD0608BF8F0C5920
Requests: 1 HTTP requests in this frame

Frame: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 49F9A0E6770596B7D90E657669C24A1F
Requests: 1 HTTP requests in this frame

Frame: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=df72c9ba-2b46-45e7-bb8f-fc00674f2df0-tuct864f88f&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Frame ID: 42AF787FE7E99BD00A4074A15F0896D3
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: D419C436EA6154AEF66620A5047D00FC
Requests: 1 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 6B1F1DECFFFAF45B7787682CB59C0593
Requests: 2 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 8A6ECDE71EAB434F2E000E4547DB7BC6
Requests: 2 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:BlpTcOZw1MBUmy5&gdpr=0&gdpr_consent=
Frame ID: 682F31D16188BE0BDA23BB755102263C
Requests: 1 HTTP requests in this frame

Frame: https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
Frame ID: 3ABCF233590751AEFC3DAEDCB312391C
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:E7656671465E4441B1F9C307A395EA23
Frame ID: 86418A3E6AC253C0BFDC3F1F35C92556
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=pdtY4Ek0TGhl93v7Ko92otiDcg0
Frame ID: 8D851996270DC123E1AEF2770C906C14
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Notepad - Website Bandar Judi Secara Online Semua Gaming Terfavorit di Indonesia

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

321
Requests

98 %
HTTPS

0 %
IPv6

99
Domains

150
Subdomains

86
IPs

10
Countries

2285 kB
Transfer

5580 kB
Size

63
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://freestar.com/?utm_campaign=branding&utm_medium=superflex&utm_source=anotepad.com&utm_content=anotepad_leaderboard_atf

Search URL Search Domain Scan URL

URL: https://174.138.25.6/id-ID/Home
Title: situs referensi

Search URL Search Domain Scan URL

URL: https://freestar.com/?utm_campaign=branding&utm_medium=superflex&utm_source=anotepad.com&utm_content=anotepad_leaderboard_btf

Search URL Search Domain Scan URL

URL: https://apps.apple.com/app/a-notepad-take-share-notes/id1494609935

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.anotepad.android

Search URL Search Domain Scan URL

URL: https://www.gotresumebuilder.com/
Title: Resume Builder

Search URL Search Domain Scan URL

URL: https://www.gotfreefax.com/
Title: Free Fax

Search URL Search Domain Scan URL

URL: https://www.adlightning.com/

Search URL Search Domain Scan URL

URL: https://freestar.com/?utm_campaign=branding&utm_medium=stickyFooter&utm_source=anotepad.com&utm_content=anotepad_adhesion

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1634431751114&ns_c=UTF-8&cv=3.5&c8=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&c7=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1634431751114&ns_c=UTF-8&cv=3.5&c8=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&c7=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&c9=

Request Chain 30

https://freestar-io.videoplayerhub.com/gallery.js HTTP 301
https://btloader.com/tag?h=freestar-io&upapi=true

Request Chain 102

https://usermatch.krxd.net/um/v2?partner=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=T2JPRDdCTkY HTTP 302
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEE4gWTr98hIdK_uYk6SwaMY&google_cver=1

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=T2JPRDdCTkY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm=&google_hm=T2JPRDdCTkY&google_tc= HTTP 302
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEN1rYBA-13lXs1o9DUUMTeU&google_cver=1

Request Chain 104

https://match.adsrvr.org/track/cmf/generic?ttd_pid=krux&ttd_tpi=1&ttd_puid=ObOD7BNF&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=krux&ttd_tpi=1&ttd_puid=ObOD7BNF&gdpr=0 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=ttd&partner_uid=d5d863bf-fdb6-4939-a2d1-4e447e72136f

Request Chain 106

https://stags.bluekai.com/site/26357?id=ObOD7BNF&redir=https://beacon.krxd.net/usermatch.gif?_kuid%3DObOD7BNF%26partner%3Dbluekai%26bk_uuid%3D%24_BK_UUID HTTP 302
https://beacon.krxd.net/usermatch.gif?_kuid=ObOD7BNF&partner=bluekai&bk_uuid=$_BK_UUID

Request Chain 108

https://ps.eyeota.net/match?bid=i0r4o4v&uid=ObOD7BNF HTTP 302
https://ps.eyeota.net/match/bounce/?bid=i0r4o4v&uid=ObOD7BNF HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmRBZGlRWkxUczl4a09MbERxbmVwS3R2SFRUXzdRSXFldWZneHV6Q0VrLVk&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=i0r4o4v& HTTP 302
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=i0r4o4v&google_gid=CAESEGENr_7q-k8tgPE9dvRpkXc&google_cver=1 HTTP 302
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&dc_rc=2&dc_mr=5&dc_orig=i0r4o4v& HTTP 302
https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=4055899242351198607&newuser=1&dc_rc=2&dc_mr=5&dc_orig=i0r4o4v& HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=10015&redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3D7vi0rg0%26uid%3D%5BMM_UUID%5D%26dc_rc%3D3%26dc_mr%3D5%26dc_orig%3Di0r4o4v%26 HTTP 302
https://ps.eyeota.net/match?bid=7vi0rg0&uid=6ef3616b-7308-4900-a7a1-df41050a2857&dc_rc=3&dc_mr=5&dc_orig=i0r4o4v& HTTP 302
https://sync-tm.everesttech.net/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26dc_rc%3D4%26dc_mr%3D5%26dc_orig%3Di0r4o4v%26 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26dc_rc%3D4%26dc_mr%3D5%26dc_orig%3Di0r4o4v%26&_test=YWtzCAAAAE1L1QAR HTTP 302
https://ps.eyeota.net/match?uid=YWtzCAAAAE1L1QAR&bid=0rijhbu&dc_rc=4&dc_mr=5&dc_orig=i0r4o4v&&_test=YWtzCAAAAE1L1QAR HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP 302
https://ps.eyeota.net/match?uid=d5d863bf-fdb6-4939-a2d1-4e447e72136f&bid=1e2n4ou

Request Chain 109

https://ib.adnxs.com/getuid?https://beacon.krxd.net/usermatch.gif?adnxs_uid=$UID HTTP 302
https://beacon.krxd.net/usermatch.gif?adnxs_uid=8665457160990187816

Request Chain 110

https://global.ib-ibi.com/image.sbxx?go=247532&pid=314&xid=ObOD7BNF HTTP 302
https://ib.mookie1.com/image.sbxx?go=247532&pid=314&xid=ObOD7BNF

Request Chain 111

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dpubmatic%26partner_uid%3D%23PM_USER_ID HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dpubmatic%26partner_uid%3D%23PM_USER_ID&rdf=1 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=pubmatic&partner_uid=66232E30-42A6-4224-8517-A35A018D9163

Request Chain 112

https://fei.pro-market.net/engine?mimetype=img&du=88&csync=ObOD7BNF HTTP 302
https://idsync.rlcdn.com/398696.gif?partner_uid=5791768784645604040

Request Chain 140

https://fksnk.com/cs/google?google_gid=CAESEPBrWneoZhVTuinHkPI5MEM&google_cver=1&google_push=AYg5qPKfMCEemyRgey3uCP6kiCBmFS0xpO4BHJXtx5FpUED8qM-ROpq5_WdLABl7Z-grFsGsU7wJ8vKiq7dMYvNZUha6SDlQkQ4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MUEwNERFNEVFRkQ3MTM2RA==

Request Chain 141

https://d5p.de17a.com/cookies/google?google_gid=CAESEICCi5DhzMCTbfuf9UVpUGE&google_cver=1&google_push=AYg5qPLXukEW6xn7OiydcpToJsM0yzgPNFpMHtfTqnKf7t-FVpmivy8n5Crxy56c1Nhis7wkGVFUJdy7wJDQNASbvunvz3nzFtM HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEICCi5DhzMCTbfuf9UVpUGE&google_cver=1&google_push=AYg5qPLXukEW6xn7OiydcpToJsM0yzgPNFpMHtfTqnKf7t-FVpmivy8n5Crxy56c1Nhis7wkGVFUJdy7wJDQNASbvunvz3nzFtM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLXukEW6xn7OiydcpToJsM0yzgPNFpMHtfTqnKf7t-FVpmivy8n5Crxy56c1Nhis7wkGVFUJdy7wJDQNASbvunvz3nzFtM

Request Chain 142

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESENw1gxv9ZslXuRnUsq9AYDI&google_cver=1&google_push=AYg5qPIw_H8gq9UxjTKtxn9doOdkp_-2tXtlIHlVy8OgW9OWnzsl2kFnokTgpjj5Jonqbm4RWxA5QLHc75jOIoDWABqJHu5Hf80 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIw_H8gq9UxjTKtxn9doOdkp_-2tXtlIHlVy8OgW9OWnzsl2kFnokTgpjj5Jonqbm4RWxA5QLHc75jOIoDWABqJHu5Hf80

Request Chain 143

https://cs.media.net/cksync?type=g&google_gid=CAESECbnNLDAUwnWIgbsNpAJkk8&google_cver=1&google_push=AYg5qPJL1Dk8DTqcA6OvxvmoLzrp7SEOqVdcxbG5ID2VIx09wJ48DzH2rY2At-zZ5Xnn-cziMjtjbWhZ0HZes3p6CgL8eWhCagk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjc3NDMzMzUzOTMwNjk1MDAwMFYxMA%3d%3d&mn_hm=Mjc3NDMzMzUzOTMwNjk1MDAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJL1Dk8DTqcA6OvxvmoLzrp7SEOqVdcxbG5ID2VIx09wJ48DzH2rY2At-zZ5Xnn-cziMjtjbWhZ0HZes3p6CgL8eWhCagk&gdpr=&gdpr_consent=

Request Chain 144

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPkVHNedOcQT4Qac1D2BfME&google_cver=1&google_push=AYg5qPLdFCuFF_jh4Znd1FHinbPJ721AVdwBn43uvSkxES8hUL-kVhrXHfVWRWuUs8TEZz2VQjpkCAdNvnm4ou2Nvir213X1rws HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPLdFCuFF_jh4Znd1FHinbPJ721AVdwBn43uvSkxES8hUL-kVhrXHfVWRWuUs8TEZz2VQjpkCAdNvnm4ou2Nvir213X1rws&google_hm=MzMyNTc2MjM4MjA2NTg2NTE0OQ%3D%3D

Request Chain 145

https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESEHevdxufHfwnhSQQfffmaWk&google_cver=1&google_push=AYg5qPJeyHve4HqdgZUfr19FagOOiILzAiyPK49nZV0pD4Tg9Y_e-Il01EEuk4glTO4ZBhEcL6nAd2eAA-pwozUtbK65Ri6QZQDP HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=YmY0ZTNkNGItZjZiMC00NWJkLTk0NmMtZWQ0N2Y5OGIwNjA4&google_push=AYg5qPJeyHve4HqdgZUfr19FagOOiILzAiyPK49nZV0pD4Tg9Y_e-Il01EEuk4glTO4ZBhEcL6nAd2eAA-pwozUtbK65Ri6QZQDP

Request Chain 171

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCnn8WMZhCwCRiwCTII4jBbAU9Ixm8 HTTP 301
https://tpc.googlesyndication.com/simgad/9288950999397694842

Request Chain 173

https://ad.doubleclick.net/ddm/trackimp/N128002.134426GOOGLEDISPLAYNETWO/B25087192.312291018;dc_trk_aid=483801149;dc_trk_cid=142916956;ord=3953981921;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N128002.134426GOOGLEDISPLAYNETWO/B25087192.312291018;dc_pre=CIKH5OCc0PMCFYDnuwgd3VkOIg;dc_trk_aid=483801149;dc_trk_cid=142916956;ord=3953981921;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=

Request Chain 180

https://um.simpli.fi/gp_match?google_gid=CAESEL7yR58HiK37_HXtBfUCMvo&google_cver=1&google_push=AYg5qPL-WwHYxGf_kLfH2At6_Ec0ZSSNtkcUpxOhKsVNoK6SXQxOl2zmxY2W2jVlCp4795PqT3dFvf0kohpwZvCl2JAWuUNsAQbN HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E7656671465E4441B1F9C307A395EA23&google_push=AYg5qPL-WwHYxGf_kLfH2At6_Ec0ZSSNtkcUpxOhKsVNoK6SXQxOl2zmxY2W2jVlCp4795PqT3dFvf0kohpwZvCl2JAWuUNsAQbN

Request Chain 181

https://rtb.openx.net/sync/dds?google_gid=CAESENRK8X7OcQDwlgnpOokpAoI&google_cver=1&google_push=AYg5qPJciRyAn1YDlpASeeMxANF9De7QqrZGh0_b_kwVfh6KhKUPDiTfCoD5WZLlGBkxquwwkpkdwEhcqP1C7zdn-V88BYEwRJRA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJciRyAn1YDlpASeeMxANF9De7QqrZGh0_b_kwVfh6KhKUPDiTfCoD5WZLlGBkxquwwkpkdwEhcqP1C7zdn-V88BYEwRJRA&google_hm=_iXwH1cHwMUhIdw5EFkA-Q==

Request Chain 182

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMKyy9nukxHbT4lJPRFNYAc&google_cver=1&google_push=AYg5qPIHd0C-oCqxIW1a7ez2F3P6oa0M1qZI5VM9596sjYqU93eQ0Mrtvt7zJRKN2aVk4yJI1zljDfemJF-1ZDgQKJFdeOdrOAWp HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIHd0C-oCqxIW1a7ez2F3P6oa0M1qZI5VM9596sjYqU93eQ0Mrtvt7zJRKN2aVk4yJI1zljDfemJF-1ZDgQKJFdeOdrOAWp

Request Chain 183

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP

Request Chain 185

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBkuaDKgiQROgAOPdWgxRJU&google_cver=1&google_push=AYg5qPIDnixax6-1XlgVHOZjWpkxbhaiU8UA_nKmx0y1cyYKeHujV40XQBIpu7qFpBz9pDRncM1Lh9SPRbAK6Y-lL6VL3yYLsVTVfw HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBkuaDKgiQROgAOPdWgxRJU&google_cver=1&google_push=AYg5qPIDnixax6-1XlgVHOZjWpkxbhaiU8UA_nKmx0y1cyYKeHujV40XQBIpu7qFpBz9pDRncM1Lh9SPRbAK6Y-lL6VL3yYLsVTVfw&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SRm9HUFc5RTJ1RXVRNU0xeDhXaERlY0ZJZ1I4Z1g5RH5B&google_push=AYg5qPIDnixax6-1XlgVHOZjWpkxbhaiU8UA_nKmx0y1cyYKeHujV40XQBIpu7qFpBz9pDRncM1Lh9SPRbAK6Y-lL6VL3yYLsVTVfw

Request Chain 188

https://a.tribalfusion.com/i.match?p=b6&u=CAESEI2-sQN04F8ZrJ2zKvFhkEo&google_cver=1&google_push=AYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEI2-sQN04F8ZrJ2zKvFhkEo&google_cver=1&google_push=AYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 189

https://rtb.openx.net/sync/dds?google_gid=CAESENRK8X7OcQDwlgnpOokpAoI&google_cver=1&google_push=AYg5qPLiZ53sTRYxlRYiQUxsle1FEdjizvM4ss0VQZ02lBSf9VvJpzly4EWqStxTwoEDsIWeT_4G0kOvrSiDbKRfl2PLeC3sfRM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLiZ53sTRYxlRYiQUxsle1FEdjizvM4ss0VQZ02lBSf9VvJpzly4EWqStxTwoEDsIWeT_4G0kOvrSiDbKRfl2PLeC3sfRM&google_hm=_iXwH1cHwMUhIdw5EFkA-Q==

Request Chain 190

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEODKdEodJUmiAxb-SVY-kEY&google_cver=1&google_push=AYg5qPLiuuu9x2kRP29B1__6QBdUM051AYprMssW9R5JHNiynLicFvDb5nHSKzPhhB5a_t0VS4NysHbSLFaBwRqe_WrMV1kqcg HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEODKdEodJUmiAxb-SVY-kEY&google_push=AYg5qPLiuuu9x2kRP29B1__6QBdUM051AYprMssW9R5JHNiynLicFvDb5nHSKzPhhB5a_t0VS4NysHbSLFaBwRqe_WrMV1kqcg&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPLiuuu9x2kRP29B1__6QBdUM051AYprMssW9R5JHNiynLicFvDb5nHSKzPhhB5a_t0VS4NysHbSLFaBwRqe_WrMV1kqcg&google_hm=czNrOTJTdlNhUjZObFd3S3lvRTA=

Request Chain 191

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMKyy9nukxHbT4lJPRFNYAc&google_cver=1&google_push=AYg5qPKgjgNR9CjpXVKyRz_hs7KS5QZD1y7LM-ZKWknu74oR6tYWf8U4RWeOMFna0X13JZcn7UfvxdDk6ZRpxyk_sOilr3IxwQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKgjgNR9CjpXVKyRz_hs7KS5QZD1y7LM-ZKWknu74oR6tYWf8U4RWeOMFna0X13JZcn7UfvxdDk6ZRpxyk_sOilr3IxwQ

Request Chain 192

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENZHXfxhF7dXUwzkRi7xgO0&google_cver=1&google_push=AYg5qPKfEpaYxpMFRd7bzhCcHveHvQ_6YSRTcIP3sdvKPG_RU0oMx8gstNd5YVb37kRj5zCDQg5d9V_xtchyK5yt3cmawpMSwhA HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENZHXfxhF7dXUwzkRi7xgO0&google_cver=1&google_push=AYg5qPKfEpaYxpMFRd7bzhCcHveHvQ_6YSRTcIP3sdvKPG_RU0oMx8gstNd5YVb37kRj5zCDQg5d9V_xtchyK5yt3cmawpMSwhA&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKfEpaYxpMFRd7bzhCcHveHvQ_6YSRTcIP3sdvKPG_RU0oMx8gstNd5YVb37kRj5zCDQg5d9V_xtchyK5yt3cmawpMSwhA&google_hm=a9a1a55b7ecf9ca692c01f92

Request Chain 193

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEPK-gdpgFQ_RoMpkDFpnhFs&google_cver=1&google_push=AYg5qPLyDnzpZFvGo3Et18gsoZgdUptyGnvOQPz2QPrA9QESpA_IOJvEy7cpmFyfg_ZkwhCqFycDyQFyMI3e3Y-jxaf9QtGkBSN7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=ZDVhMGNiZDUtZTkyZS00NmM2LWI5MDEtMDgyZDBiYmRhMDU5&google_push=AYg5qPLyDnzpZFvGo3Et18gsoZgdUptyGnvOQPz2QPrA9QESpA_IOJvEy7cpmFyfg_ZkwhCqFycDyQFyMI3e3Y-jxaf9QtGkBSN7

Request Chain 195

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 214

https://x.bidswitch.net/sync?ssp=themediagrid HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid HTTP 302
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=themediagrid HTTP 302
https://x.bidswitch.net/sync?dsp_id=188&user_id=pdtY4Ek0TGhl93v7Ko92otiDcg0&user_group=1&ssp=themediagrid

Request Chain 215

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BlpTcOZw1MBUmy5

Request Chain 216

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=openx&bsw_user_id=9f2649fa-7899-4ab1-920b-6faad94ce83f HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=openx&bsw_user_id=9f2649fa-7899-4ab1-920b-6faad94ce83f HTTP 302
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=b0ece90f-b6ed-4e01-97f4-19a77964392e&ssp=openx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=9f2649fa-7899-4ab1-920b-6faad94ce83f

Request Chain 217

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8665457160990187816

Request Chain 218

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFMWUJrN0MxdVlBQUJ6Ry1kZEQ1dw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AALYB07C1uYAABzG-ddD5w&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AALYB07C1uYAABzG-ddD5w&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AALYB07C1uYAABzG-ddD5w&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID

Request Chain 219

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6ef3616b-7308-4900-a7a1-df41050a2857

Request Chain 220

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=CN87XQndPQcT3zUNB4sgDA_fbAwT2DpcCN_rC_bV

Request Chain 221

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=964995397847548209

Request Chain 224

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE2Ot87K4kuLYFIODz3q79I&google_cver=1

Request Chain 225

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_ HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BlpTcOZw1MBUmy5

Request Chain 226

https://x.bidswitch.net/sync?ssp=openx HTTP 302
https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=openx&bds_param=9f2649fa-7899-4ab1-920b-6faad94ce83f HTTP 302
https://x.bidswitch.net/sync?dsp_id=340&user_id=3a8b9544-e05f-4131-a6b8-d22eef0043af&expires=10&ssp=openx&bsw_param=9f2649fa-7899-4ab1-920b-6faad94ce83f HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072968&val=9f2649fa-7899-4ab1-920b-6faad94ce83f

Request Chain 227

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8665457160990187816

Request Chain 228

https://match.prod.bidr.io/cookie-sync/ox HTTP 303
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFMWUJVN0MxdVlBQUJ6Ry1kZEQ1dw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AALYB07C1uYAABzG-ddD5w&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csas%252Cox%26bee_sync_current_partner%3Dpm%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AALYB07C1uYAABzG-ddD5w&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AALYB07C1uYAABzG-ddD5w&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID

Request Chain 229

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6ef3616b-7308-4900-a7a1-df41050a2857

Request Chain 230

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=CN87XQndPQcT3zUNB4sgDA_fbAwT2DpcCN_rC_bV

Request Chain 231

https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=22 HTTP 302
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5251699325527976924

Request Chain 234

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE2Ot87K4kuLYFIODz3q79I&google_cver=1

Request Chain 242

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5628855933545395795

Request Chain 243

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 244

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7019830952449669271

Request Chain 245

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFNc0trN0MxdVlBQUJUbjVVZnM0UQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AALYB07C1uYAABzG-ddD5w&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AALYB07C1uYAABzG-ddD5w&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID

Request Chain 246

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent= HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

Request Chain 247

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7682644081 HTTP 302
https://sync.1rx.io/usersync/tradedesk/d5d863bf-fdb6-4939-a2d1-4e447e72136f HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-d4d872b3-8627-4a9b-a53d-1b669f669020-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003

Request Chain 248

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=nZacCvJfQuKDelkq271YXqMR

Request Chain 252

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID HTTP 302
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=df72c9ba-2b46-45e7-bb8f-fc00674f2df0-tuct864f88f&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0

Request Chain 254

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 255

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6ef3616b-7308-4900-a7a1-df41050a2857

Request Chain 256

https://pixel.onaudience.com/?partner=214&mapped=66232E30-42A6-4224-8517-A35A018D9163 HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=5c987e6a8ebdc5e1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=e7fcbfff-713d-40a5-60b1-d6e3e86bcb1f&reqId=ce9057e5-7030-4fae-56fb-1ab494ae046c&zcluid=5c987e6a8ebdc5e1&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESEM43Hbhb6IiaB84k3KgWtQ8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=e7fcbfff-713d-40a5-60b1-d6e3e86bcb1f&reqId=ce9057e5-7030-4fae-56fb-1ab494ae046c&zcluid=5c987e6a8ebdc5e1&zdid=1332

Request Chain 257

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjYyMzJFMzAtNDJBNi00MjI0LTg1MTctQTM1QTAxOEQ5MTYz&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 258

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDgYjtVALxcXupa74KkHkQw&google_cver=1

Request Chain 260

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d5d863bf-fdb6-4939-a2d1-4e447e72136f

Request Chain 261

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6320315628426885412

Request Chain 262

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:6ef3616b-7308-4900-a7a1-df41050a2857&gdpr=0&gdpr_consent=

Request Chain 263

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8665457160990187816&gdpr=0&gdpr_consent=

Request Chain 264

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM

Request Chain 265

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=66232E30-42A6-4224-8517-A35A018D9163&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-HmbFyypE2uWoyr24NF61IK9timskhfQ-~A&gdpr=0&gdpr_consent=

Request Chain 267

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=9f2649fa-7899-4ab1-920b-6faad94ce83f&ssp=pubmatic&gdpr=0&gdpr_consent=

Request Chain 268

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWtzCAAAAE1L1QAR&gdpr=0&gdpr_consent=

Request Chain 270

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d0cd4346-e0bc-4167-8f66-05634fd97076-616b730f-5553&gdpr=0&gdpr_consent=

Request Chain 271

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4055899242351198607&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 272

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:1a56942f-312c-445f-b5a2-4fbd3eefe17f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 273

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8665457160990187816

Request Chain 276

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d5d863bf-fdb6-4939-a2d1-4e447e72136f

Request Chain 278

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1 HTTP 302
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d5d863bf-fdb6-4939-a2d1-4e447e72136f

Request Chain 279

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YWtzCu2Nagi4IazFOt3d-AAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAZS6C4lL5XM37jw-feCB_8&google_cver=1&gdpr=1

Request Chain 281

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1

Request Chain 282

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&dcc=t

Request Chain 283

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6877181591705925327&uid=Q6877181591705925327&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 284

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-13f1c0a4-78ea-4ef4-8145-e5ca7221b86f

Request Chain 285

https://match.prod.bidr.io/cookie-sync/ie?gdpr=1 HTTP 303
https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1 HTTP 303
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AALYB07C1uYAABzG-ddD5w&expiration=1635641359&gdpr=1

Request Chain 287

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

Request Chain 288

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1

Request Chain 289

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&dcc=t

Request Chain 291

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YWtzCu2Nagi4IazFOt3d-AAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAZS6C4lL5XM37jw-feCB_8&google_cver=1&gdpr=1

Request Chain 292

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=BlpTcOZw1MBUmy5&gdpr=1

Request Chain 293

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5107433821438073588

Request Chain 294

https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=de7961f2-655b-44f8-998c-391183e56670&expiration=1665967759

Request Chain 296

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

Request Chain 297

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/kLM3PtUmr6LkujSeRGgVecn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4430906362507146405

Request Chain 298

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGJhNDFlN2Y4NTA1MWM5ZDg2NzI5YjZlOTU2OTc2NDJhMzQxMTdlOQ

Request Chain 299

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUUIGR0U-26-FH9K&sigv=1&esig=2~dfd4e75cc804a2922b2d12934c031f5c01e0098f

Request Chain 300

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWtzCAAAAE1L1QAR

Request Chain 301

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=6ef3616b-7308-4900-a7a1-df41050a2857&expires=28

Request Chain 303

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VVSUdSMFUtMjYtRkg5Sw==

Request Chain 317

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:BlpTcOZw1MBUmy5&gdpr=0&gdpr_consent=

Request Chain 318

https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D HTTP 302
https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID

Request Chain 319

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:E7656671465E4441B1F9C307A395EA23

Request Chain 320

https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=pdtY4Ek0TGhl93v7Ko92otiDcg0

Request Chain 321

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=66232E30-42A6-4224-8517-A35A018D9163&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=66232E30-42A6-4224-8517-A35A018D9163&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=66232E30-42A6-4224-8517-A35A018D9163&addseg=10,33,39

Request Chain 322

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=66232E30-42A6-4224-8517-A35A018D9163&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=66232E30-42A6-4224-8517-A35A018D9163&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 324

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=66232E30-42A6-4224-8517-A35A018D9163 HTTP 302
https://a.audrte.com/p

Request Chain 325

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=11932672-2ee4-11ec-ac0e-8fc96b43e81e&gdpr=0&gdpr_consent=

321 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request exc8ajpf Show response
anotepad.com/notes/ 23 KB
10 KB 2170ms
1760ms Document
text/html 207.244.104.157
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL

https://anotepad.com/notes/exc8ajpf

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

207.244.104.157 Alexandria, United States, ASN30633 (LEASEWEB-USA-WDC, US),

Reverse DNS

anotepad.com

Software

Microsoft-IIS/8.5 /

Resource Hash

fce54832cbada03e8d9e1226e58298b4fe3da17f9585bfa3f850cbcff6f27fe4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: anotepad.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-Frame-Options: SAMEORIGIN
Date: Sun, 17 Oct 2021 00:49:08 GMT
Content-Length: 10413

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
38 KB 43ms
21ms Script
application/javascript 216.58.212.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-8870545-1

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.136 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

7331d9dce39e7c58559ad75a2a4dc5bdd713291c2a522130188e732fe3f8ff5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38498
x-xss-protection: 0
last-modified: Sun, 17 Oct 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 17 Oct 2021 00:49:10 GMT

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/ 119 KB
20 KB 60ms
22ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://anotepad.com/
Origin: https://anotepad.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 632, 617, 617
age: 2102118
cdn-cachedat: 2021-04-23 07:18:34
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: f5c7c3d0862c0081497e5f86ecb14a19
cf-ray: 69f586891acb2798-PRG
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H2 200 site-css
cdn.anotepad.com/bundles/ 11 KB
3 KB 48ms
8ms Stylesheet
text/css 13.225.87.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.anotepad.com/bundles/site-css?v=CZ4oNS7H5ccbxtJz5ubVUmeoRG_0LsB0TrEWnjgYtm81

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-30.fra2.r.cloudfront.net

Software

Microsoft-IIS/8.5 /

Resource Hash

7f941b8c4190696ffe563cd65d648faee92c126c608c71e2b0bfa1a3b2129a1e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 07 Oct 2021 05:03:50 GMT
content-encoding: gzip
last-modified: Thu, 07 Oct 2021 05:03:50 GMT
server: Microsoft-IIS/8.5
age: 848719
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=utf-8
via: 1.1 57d93b321db68494cc6755a0d3fb29cd.cloudfront.net (CloudFront)
cache-control: public
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: qhsbyxVK7SpGYxU463NkvPnH-2iZOw4zl2cKTkbACaAFTvS32WRnGA==
expires: Fri, 07 Oct 2022 05:03:50 GMT

GET
H2 200 cls.css
a.pub.network/core/pubfig/ 2 KB
1 KB 84ms
40ms Stylesheet
text/css 104.26.1.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/cls.css
Requested by: Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.1.139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d510e16e6e569e573980fd67a55221795d539fd56688ecaca8d284255e86ee6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=kjwd8A==, md5=KtQsmezne0blpCqFIHo3UA==
date: Sun, 17 Oct 2021 00:49:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdu8Mq9asdxnFbxtrpw7k4CzJuAWpHXZ9_8z7358MkNDpf_02IQENDIcwps7ctoMmFU2CKeoljEkXYYWGIqaur--igDiVA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: text/css
last-modified: Tue, 11 May 2021 20:31:48 GMT
server: cloudflare
etag: W/"2ad42c99ece77b46e5a42a85207a3750"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h3zP8I3ltkNOBz%2BHFhyuaml146YRTi9Ju0H5K%2FjUSdWHhxJ%2B7fFp3tc%2B5dC6UcWCO5WD34DBllVg7Wrn32pVI%2BCWCWGfBEdDVbfUdbKXzT5UvBtJxevCWhd2VgQARaU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620765108454625
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 1752
cf-ray: 69f586892c53278c-PRG
expires: Sun, 17 Oct 2021 01:06:00 GMT

GET
H2 200 anotepad.svg
cdn.anotepad.com/images/ 2 KB
1 KB 48ms
9ms Image
image/svg+xml 13.225.87.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.anotepad.com/images/anotepad.svg

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-30.fra2.r.cloudfront.net

Software

Microsoft-IIS/8.5 /

Resource Hash

00a1081b52175533a7f3b857f50cd13add6909e438464b56998e51d827ada440

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 15:28:41 GMT
content-encoding: gzip
last-modified: Sat, 13 Feb 2021 21:52:25 GMT
server: Microsoft-IIS/8.5
age: 379227
x-frame-options: SAMEORIGIN
etag: W/"8fdbe283522d71:0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 57d93b321db68494cc6755a0d3fb29cd.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: M_8Lmethm0YdEe53dV90Ya9KHSEnfUWD9HnE_xIqKofJti9oUPgw6w==

GET
H2 200 pubfig.min.js Show response
a.pub.network/anotepad-com/ 118 KB
45 KB 231ms
189ms Script
application/javascript 104.26.1.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/anotepad-com/pubfig.min.js
Requested by: Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.1.139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d60560d22e6264effb7f9b776f7e377ec41642d25d7e123f7b0ee603d83e6385

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=ak2NYQ==, md5=0SW6aby1062PgdbKZ4Nmzw==
date: Sun, 17 Oct 2021 00:49:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdvhJiK7wLZmF0JGNNJ4FSP-77GgNy9jtPmOFUQJb3j5skfXl_M1hYy_Lf0i04y7qhLHizCAuMUq7r2_LzrNdkbm-47WTg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-type: application/javascript
last-modified: Fri, 08 Oct 2021 17:19:50 GMT
server: cloudflare
etag: W/"d125ba69bcb5d3ad8f81d6ca678366cf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7xHFcE2h6CMsQA8tVpxzAscIW6cDEXvC%2FHz7Y7P8XEOzh9FaS%2FyWxRwrSreijCY7ceI5IRoRhp5YMQX9AU7R2CRcy59c9NXdsFEPx1G0j44Te%2FcJlQamwI7y%2FJOW%2B4%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1633713590172745
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=1800
x-goog-stored-content-length: 120818
cf-ray: 69f586892c55278c-PRG
expires: Fri, 15 Oct 2021 05:58:08 GMT

GET
H2 200 badge_applestore.png
cdn.anotepad.com/images/ 3 KB
3 KB 48ms
10ms Image
image/png 13.225.87.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.anotepad.com/images/badge_applestore.png

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-30.fra2.r.cloudfront.net

Software

Microsoft-IIS/8.5 /

Resource Hash

7f9164a13476744c911fea7dbab9a2924750f69f82ec1d51d2a09e64638952c0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 20:42:25 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cd.cloudfront.net (CloudFront)
last-modified: Sun, 12 Jan 2020 18:32:03 GMT
server: Microsoft-IIS/8.5
age: 101791
etag: "82bdb9576c9d51:0"
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 3050
x-amz-cf-id: QJV43PWGmaI3UJ8YiryZprfFkrXxIDSOyU5_tMRqZO1WYbYsqfAUnA==

GET
H2 200 badge_playstore.png
cdn.anotepad.com/images/ 4 KB
4 KB 48ms
10ms Image
image/png 13.225.87.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.anotepad.com/images/badge_playstore.png

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-30.fra2.r.cloudfront.net

Software

Microsoft-IIS/8.5 /

Resource Hash

f45f42097ab97da2bd3034f5f7331e2283a38f7147638825cd71912fe8dcbbb6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 13 Oct 2021 16:19:22 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cd.cloudfront.net (CloudFront)
last-modified: Sun, 12 Jan 2020 18:32:03 GMT
server: Microsoft-IIS/8.5
age: 289950
etag: "bf8eda9576c9d51:0"
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 3709
x-amz-cf-id: aKL2XzLGOO87U0Hx89RjZz9ibq8i0VXx3jwHspWX2rJFije5Xaobtw==

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 29ms
7ms Script
text/javascript 142.250.186.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f10.1e100.net

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 14:06:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 211348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Fri, 14 Oct 2022 14:06:42 GMT

GET
H2 200 jquery-ui.min.js Show response
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/ 248 KB
66 KB 37ms
15ms Script
text/javascript 142.250.186.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f10.1e100.net

Software

sffe /

Resource Hash

55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 14:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 382012
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67948
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="hosted-libraries-pushers"
expires: Wed, 12 Oct 2022 14:42:18 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/3.4.1/js/ 39 KB
12 KB 56ms
20ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://anotepad.com/
Origin: https://anotepad.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 601, 617, 617
age: 15271264
cdn-cachedat: 2021-04-23 06:11:59
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: df5037e6dbb9bb1578d7548b41bb2e74
cf-ray: 69f586891acc2798-PRG
cdn-requestcountrycode: CZ
cdn-requestpullsuccess: True

GET
H2 200 site-js Show response
cdn.anotepad.com/bundles/ 11 KB
3 KB 47ms
9ms Script
text/javascript 13.225.87.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.anotepad.com/bundles/site-js?v=kttB7rWa1OhJrZEQB_jo6c8DT7h4Y8UywN47d92TrNQ1

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-30.fra2.r.cloudfront.net

Software

Microsoft-IIS/8.5 /

Resource Hash

ca4a64f25051d73e715e78148b0d5e8f9b9bcc30d1f7555ac7739fb69fc919c6

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 24 Jul 2021 08:39:57 GMT
content-encoding: gzip
last-modified: Sat, 24 Jul 2021 08:39:57 GMT
server: Microsoft-IIS/8.5
age: 7315752
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
via: 1.1 57d93b321db68494cc6755a0d3fb29cd.cloudfront.net (CloudFront)
cache-control: public
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: NJOMLJmDEW3pF9uxsbx0OghJK6IFtCxuoG5aLRy7EGKSq6vfHO_yug==
expires: Sun, 24 Jul 2022 08:39:57 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 61ms
10ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Sun, 17 Oct 2021 00:49:10 GMT
x-host: s7.addthis.com
content-length: 116325

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
20 KB 49ms
14ms Script
text/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-8870545-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Oct 2021 16:38:54 GMT
server: Golfe2
age: 2884
date: Sun, 17 Oct 2021 00:01:06 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Sun, 17 Oct 2021 02:01:06 GMT

GET
H2 200 icon_addthis.svg
cdn.anotepad.com/Images/ 347 B
709 B 7ms
7ms Image
image/svg+xml 13.225.87.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.anotepad.com/Images/icon_addthis.svg

Requested by

Host: cdn.anotepad.com
URL: https://cdn.anotepad.com/bundles/site-css?v=CZ4oNS7H5ccbxtJz5ubVUmeoRG_0LsB0TrEWnjgYtm81

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.87.30 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-87-30.fra2.r.cloudfront.net

Software

Microsoft-IIS/8.5 /

Resource Hash

39c6ec590be39bedd2592cbd4130f22e0d758b15ccb5c4be6f3569ce29df3247

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.anotepad.com/bundles/site-css?v=CZ4oNS7H5ccbxtJz5ubVUmeoRG_0LsB0TrEWnjgYtm81
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 15 Oct 2021 20:56:43 GMT
via: 1.1 57d93b321db68494cc6755a0d3fb29cd.cloudfront.net (CloudFront)
last-modified: Sun, 14 Feb 2021 19:56:45 GMT
server: Microsoft-IIS/8.5
age: 531457
etag: "b322f485b3d71:0"
x-frame-options: SAMEORIGIN
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=604800
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 347
x-amz-cf-id: m9Uw3lif_yjJN6IebuzXXhST-vat5NpjjISvRs1wpeESxfNBPIz64w==

POST
H/1.1 200
OK loadcomment Show response
anotepad.com/note/ 523 B
604 B 105ms
105ms XHR
text/html 207.244.104.157
LEASEWEB-USA-WDC

General

Check archive.org

Show headers Download Go to

Full URL

https://anotepad.com/note/loadcomment

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

207.244.104.157 Alexandria, United States, ASN30633 (LEASEWEB-USA-WDC, US),

Reverse DNS

anotepad.com

Software

Microsoft-IIS/8.5 /

Resource Hash

c4cbcc68d7a949e09034b1bdf19f4da6d9727b7f0d91bfaa146579d84d027f25

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Sec-Fetch-Mode: cors
Origin: https://anotepad.com
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Content-Length: 19
Pragma: no-cache
Host: anotepad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Cache-Control: no-cache
Referer: https://anotepad.com/notes/exc8ajpf
Sec-Fetch-Site: same-origin
Accept: */*
Referer: https://anotepad.com/notes/exc8ajpf
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Sun, 17 Oct 2021 00:49:08 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/8.5
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 360

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 50ms
7ms Script
application/x-javascript 2.18.235.40
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.235.40 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-235-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:10 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=8300
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
204 B 21ms
21ms XHR
text/plain 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=511129583&t=pageview&_s=1&dl=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&ul=en-us&de=UTF-8&dt=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1195435809&gjid=1026997448&cid=745146848.1634431751&tid=UA-8870545-1&_gid=1171446714.1634431751&_r=1&gtm=2ouad0&z=1282997632

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://anotepad.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
458 B 43ms
14ms XHR
text/plain 64.233.166.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-8870545-1&cid=745146848.1634431751&jid=1195435809&gjid=1026997448&_gid=1171446714.1634431751&_u=YEBAAUAAAAAAAC~&z=774101672

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

64.233.166.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wm-in-f154.1e100.net

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 17 Oct 2021 00:49:10 GMT
content-type: text/plain
access-control-allow-origin: https://anotepad.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 init Show response
d.pub.network/v2/ 24 KB
5 KB 248ms
223ms XHR
application/json 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.pub.network/v2/init?siteId=2321&env=PROD
Requested by: Host: a.pub.network
URL: https://a.pub.network/anotepad-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: d766831f2637a7f23f8d1507b338a64589c9aa9ab83243e87041c2192cbf1d22

Request headers

Accept: application/json, text/plain, */*
Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:10 GMT
content-encoding: gzip
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
522 B 41ms
20ms Image
image/gif 172.217.23.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-8870545-1&cid=745146848.1634431751&jid=1195435809&_u=YEBAAUAAAAAAAC~&z=121196584

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-56846750fb16a611/ 166 B
325 B 34ms
26ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-56846750fb16a611/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:10 GMT
content-encoding: gzip
etag: 659743217
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=34, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 154

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 92 B
252 B 158ms
136ms Script
application/javascript 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=616b7306c5f76e3e&bkl=0&bl=1&pdt=2226&sid=616b7306c5f76e3e&pub=ra-56846750fb16a611&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=anotepad.com&fp=notes%2Fexc8ajpf&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=0&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1634431750859&jsl=1&uvs=616b73063f913b39000&skipb=1&callback=addthis.cbs.jsonp__00101754352775684790
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-75-88-126.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c8d3e8d5a63342e67192e0364331351a3cc6b3039c8695efe0c9fe6cd4efa60a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:11 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 92
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 26D3 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame E092 71 KB
26 KB 10ms
9ms Document
text/html 104.75.88.126
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.88.126 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-88-126.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s7.addthis.com
:scheme: https
:path: /static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
etag: W/"5f971164-11adc"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 26421
date: Sun, 17 Oct 2021 00:49:10 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 44ms
12ms Script
application/javascript 13.225.87.102
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/anotepad-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-102.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 02:24:38 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 80739
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-amz-cf-id: o1tAhp3SB-U-SYb5ZuK9oIkZczPQfG_-gZmLEr417DXwi6V6hPsGcQ==

GET
H2 200 pubfig.engine.4.23.1.535fe0f4586de520edb0ca93a1249020044721f7.js Show response
a.pub.network/core/pubfig/ 324 KB
98 KB 35ms
35ms Script
application/javascript 104.26.1.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/pubfig.engine.4.23.1.535fe0f4586de520edb0ca93a1249020044721f7.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/anotepad-com/pubfig.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.1.139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29d1e5453401263d835235fd249bf5891fbc3ffcecd82cc3fed01f7b79770d5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=lx9SPQ==, md5=fPs/gsJe0WJAnr2cqv0P+A==
date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdtTO5w-oIvvzcGzCbnX4YfjqYLY30UQbXOhNY9rL3wbuDqai6nsIQSksaamqM_YIsPys4_PycoVcMqtNsqoyW4N46Y7kQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
cf-ray: 69f5868c5e24278c-PRG
last-modified: Fri, 08 Oct 2021 15:29:24 GMT
server: cloudflare
etag: W/"7cfb3f82c25ed162409ebd9caafd0ff8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EfkwQ15BSiLRAOB2EwmjuQKYZSWXCycLozKbbybsYTjwDclCXnw3CJI53OV5niXOLlnQu6nv%2BT82jSQVhei4ZguuLNeZRTPqmlzqkhYRnGKmYCactbEKdh0n%2BboIZxc%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
access-control-allow-origin: *
x-goog-generation: 1633706964029958
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 332200
content-type: application/javascript
expires: Fri, 15 Oct 2021 00:36:46 GMT

GET
H2

200

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_ucfr=1&ns__t=1634431751114&ns_c=UTF-8&cv=3.5&c8=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit...
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1634431751114&ns_c=UTF-8&cv=3.5&c8=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavori...

64 B
329 B

10ms
10ms

Image
image/gif

13.225.87.102
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1634431751114&ns_c=UTF-8&cv=3.5&c8=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&c7=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&c9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-102.fra2.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
via: 1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: 6hsp3Pw4A5NeyUE3qvlNYOM9JA2TsHKb7IP9tHbJJ9gJ0GgbeKpwnQ==

Redirect headers

date: Sun, 17 Oct 2021 00:49:11 GMT
via: 1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_ucfr=1&ns__t=1634431751114&ns_c=UTF-8&cv=3.5&c8=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&c7=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&c9=
content-length: 290
x-amz-cf-id: aM4IqI0ohTxLPjtZ7NJLhDOcw5VRJrUCynbkzTwqEm564Cft0QVaAw==

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ 4 KB
2 KB 52ms
14ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.23.1.535fe0f4586de520edb0ca93a1249020044721f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 443d41c905362e5073c79212ec86c5f69ddcfbc38f5530c6409b73c604e74259

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 05:08:54 GMT
content-encoding: gzip
age: 70817
x-guploader-uploadid: ADPycdszbl1DMjdQ-ld9V0J_MQdfMeu7v_l6Bxx6_aIfv719u1gcN26btdcj8mG_AkG_Kz16dkCSDV6MEcc1Pidr3P2pcsAGpg
x-goog-storage-class: MULTI_REGIONAL
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1482
x-goog-meta-
last-modified: Wed, 07 Apr 2021 18:40:01 GMT
server: UploadServer
etag: "dd7e4933d35d1a7cb610442e9bea8b94"
vary: Accept-Encoding
x-goog-hash: crc32c=dtXWGA==, md5=3X5JM9NdGny2EEQum+qLlA==
x-goog-generation: 1617820801121016
cache-control: public,max-age=3600
x-goog-stored-content-length: 1482
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 80 KB
27 KB 79ms
25ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.23.1.535fe0f4586de520edb0ca93a1249020044721f7.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

7fdbedfdbfe2994c1fbd6a1aa50f8e7f5adfdf3080d2d2d4c67eafc468d3378f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1017 / 713 of 1000 / last-modified: 1634411020"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27153
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 17 Oct 2021 00:49:11 GMT

GET
H2

200

tag Show response
btloader.com/
Redirect Chain

https://freestar-io.videoplayerhub.com/gallery.js
https://btloader.com/tag?h=freestar-io&upapi=true

110 KB
23 KB

69ms
24ms

Script
application/javascript

104.26.7.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://btloader.com/tag?h=freestar-io&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.7.139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62a69105c0293b4b26df6051c8c655890a6eb9ea27c63557f2e022c333dc25a4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 69f5868d9a75411f-PRG
date: Sun, 17 Oct 2021 00:49:11 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 1439
etag: W/"068584269f926a1cb644319110c2485c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YuByRrue230NPdvBPdy4TCVh6axHUOSXqR%2BlnCXEquxb%2BGeNCvn4k1kCnXZq%2FkyNdAImjd26Ri5uaXV%2FkRl9wWPpQ1x7i6codcSfYnO7Qf5ZYN7nwv3GBO2Y7t7dRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800, must-revalidate
content-encoding: br

Redirect headers

date: Sun, 17 Oct 2021 00:49:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uTfPyzJNDIoF4i63jTHUnpmWdlZ%2FtHckjdnuC3AM83amtzeIj4z0aytol1pPpEV1vS4mqArsdoMovodQwg%2Fy9F4EBgFdTjessbI7BApNOtKcl0dD3Rg4qaUP%2F4my95fv8pkCjHJZmu1ur575MSKx6g%3D%3D"}],"group":"cf-nel","max_age":604800}
location: https://btloader.com/tag?h=freestar-io&upapi=true
cache-control: max-age=3600
cf-ray: 69f5868d280127a0-PRG
expires: Sun, 17 Oct 2021 01:49:11 GMT

GET
H2 200 prebid-analytics-4.42.6.js Show response
a.pub.network/core/ 454 KB
142 KB 37ms
37ms Script
text/html 104.26.1.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.23.1.535fe0f4586de520edb0ca93a1249020044721f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.1.139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c9adacf90f2c434aef36301ba50b24bfe9b10651508fd1ff8880247106872c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=/naSAQ==, md5=kgFsZ5XU+mBrDiHSNTa40w==
date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycdtsTCc_N78z3vwkzcY9htS1VAHUoafQXFhVLcDcvU8A0zZaEnJO_QG1owLblNjV2I-zRA3RxTVpiqfdZ3XeCOWgwDdMhw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: identity
cf-ray: 69f5868d0e71278c-PRG
last-modified: Thu, 05 Aug 2021 15:36:48 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDqMRnELx1a8gLzKAI0iuojvs6YFzccAx%2FmexUvl0R6iABcH3sLTQzR2%2Fy6kHHgsGOV9nWOa4FeraOy6YZSodwOjiagpGLVbGCIzD8o6ZnFCxfQ9ux2%2FZL%2F0eLfCu8M%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
access-control-allow-origin: *
x-goog-generation: 1628177807921390
access-control-expose-headers: *
cache-control: private, max-age=86400
x-goog-stored-content-length: 464928
content-type: text/html
expires: Sun, 16 Oct 2022 23:37:30 GMT

GET
H2 200 pubads_impl_2021101201.js Show response
securepubads.g.doubleclick.net/gpt/ 361 KB
122 KB 80ms
26ms Script
text/javascript 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

sffe /

Resource Hash

3739f7e3f233afefaaf897a2c109cd3dcce3799125f58957b4a622b610511a63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124532
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 08:35:04 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 17 Oct 2021 00:49:11 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 90 B
738 B 67ms
28ms XHR
application/json 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=anotepad.com

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

8a152fa7d63042de67cd9f5f88a298cb1745da2f35510fadade49f651de13dc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81
x-xss-protection: 0
expires: Sun, 17 Oct 2021 00:49:11 GMT

GET
H2 200 favicon.ico
ad.doubleclick.net/ 1 KB
685 B 63ms
14ms Image
image/x-icon 142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 08:47:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 57676
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0
last-modified: Tue, 08 May 2012 13:08:06 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 17 Oct 2021 08:47:55 GMT

GET
H2 200 px.gif
ad-delivery.net/ 43 B
924 B 65ms
22ms Image
image/gif 172.67.69.19
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.51838431102636
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.69.19 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
date: Sun, 17 Oct 2021 00:49:11 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2786
x-guploader-uploadid: ABg5-UwXkjCiMZcCnzxkg3HxMvN7obGQSYa29h1f56fjJW6-LOWg_OGxiqZ61LVV9hzngbZkRkUtVjI9uRo6f5UZH_VPZZ3w7w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 5
x-goog-stored-content-encoding: identity
content-type: image/gif
content-length: 43
last-modified: Wed, 05 May 2021 19:25:32 GMT
server: cloudflare
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2FIrvyVfeuQzbq15m6oSKhwf%2BSP1T2YgVioA7lyeFwq7hzOofqHinIGX0ap8UU%2F1D52jHVVxYSRZ2C5lDThLthaBnVTFdAd0u9ue76Kq5rttEIPR6ZFts9qQATp0DQ0YWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1620242732037093
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
x-goog-stored-content-length: 43
accept-ranges: bytes
cf-ray: 69f5868e180d4107-PRG
expires: Sun, 17 Oct 2021 00:47:26 GMT

GET
H2 204 pv Show response
api.btloader.com/ 0
96 B 155ms
119ms XHR
text/plain 130.211.23.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.btloader.com/pv?tid=7Hw4qdHA1&w=5749887104712704&o=5714937848528896&cv=2.0.2-2-gfdc9054&r=false&pageURL=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&upapi=true
Requested by: Host: freestar-io.videoplayerhub.com
URL: https://freestar-io.videoplayerhub.com/gallery.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 17 Oct 2021 00:49:11 GMT
cache-control: no-cache, no-store, must-revalidate
vary: Origin
alt-svc: clear
via: 1.1 google

GET
H2 200 op.js Show response
tagan.adlightning.com/freestar/ 59 KB
24 KB 37ms
9ms Script
application/javascript 13.225.87.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/op.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.23.1.535fe0f4586de520edb0ca93a1249020044721f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-65.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 03357e64ce1abe69e09ec26ec18fcc7d46b47c886733e4d2efe0a1f50a8f6e17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: McdH5MkW_SEl1iEOmNqDbRShwQRxesTS
content-encoding: gzip
etag: "3d42d58b3b42a10c6cf570a5bfb56644"
age: 780
x-cache: Hit from cloudfront
content-length: 24567
x-amz-meta-git_commit: 7b120a5
last-modified: Tue, 12 Oct 2021 13:46:46 GMT
server: AmazonS3
date: Sun, 17 Oct 2021 00:37:47 GMT
content-type: application/javascript
via: 1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
x-amz-cf-id: 4ZUlZgZKmLMOZKPh7s6Iyh91s8tKbcOwB3UnwfuqIxyFSSO8TNs1Dw==

GET
H2 200 b-7b120a5-b3bdc5bb.js Show response
tagan.adlightning.com/freestar/ 74 KB
28 KB 9ms
9ms Script
application/javascript 13.225.87.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/b-7b120a5-b3bdc5bb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-65.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 922851ab1a5fce51fbdb9306f1329bf8e80919b6c443b38792b183da23d15314

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 03 Sep 2021 04:56:59 GMT
content-encoding: gzip
age: 3786733
x-cache: Hit from cloudfront
content-length: 28519
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 16 Aug 2021 16:44:53 GMT
server: AmazonS3
etag: "740bb6532e59e4676cc74228cc09fc36"
x-amz-version-id: 7vSoDick1OFIZRTjmPdylyGMRRN80fGd
via: 1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: QvcActhIYKEBV_M3PCEJULgARvmZFpkCngAzjvsNhs5HHnqZw8NTDQ==

GET
H2 200 bl-e1f86f1-b76b56dd.js Show response
tagan.adlightning.com/freestar/ 48 KB
20 KB 8ms
8ms Script
application/javascript 13.225.87.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/freestar/bl-e1f86f1-b76b56dd.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-65.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 812120e5ae14c01f8e582a6f65d8edd5be512183469167e1b4aa44babf4f16fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 14:07:53 GMT
content-encoding: gzip
age: 384079
x-cache: Hit from cloudfront
content-length: 20181
x-amz-meta-git_commit: e1f86f1
last-modified: Tue, 12 Oct 2021 13:45:57 GMT
server: AmazonS3
etag: "5eb30c80051cf1068fd5977c36ebf0e1"
x-amz-version-id: spQNSK2k7inCQ_SvbouhGWqjPSU15D2l
via: 1.1 286eb4b50e0acf373dd03645aee00b7f.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: y4oXDhuBBjp4Ce88ACODlfnPh9mzFD6ApU4kIoud7ZwlbaXwgmB5Rg==

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 92e649098eefaf82db65282d7cbb4e65c738aca33c3fc8073a9c770fbcb0623d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
9 KB 36ms
10ms Script
application/javascript 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2d452ca7bf499867307ebfa48373084a42e1f56ec0a26e5bb2e12f01888c3cc9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
etag: "XUylRaJiJNdi08iU32oNYQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Sun, 24 Oct 2021 00:49:11 GMT

GET
H2 200 freestar.js Show response
dggaenaawxe8z.cloudfront.net/ic/audiencesegment/ 8 KB
3 KB 35ms
8ms Script
application/javascript 13.224.194.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dggaenaawxe8z.cloudfront.net/ic/audiencesegment/freestar.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.194.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-76.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: da3c5a2e809324e17c200da5501c0504fa5abe3acbd74dc7b53f4d61a06b66c6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 04:17:50 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 04:14:50 GMT
server: AmazonS3
age: 73884
etag: W/"875dd76c5784ab5abc64ac0e780a24ae"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 1d67a4c00b06651cb6daa95ec3f21f9b.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: GsJgLws-XSilQAeFAlvQISxeTP5FWar4Y0tGRTMbNWjVUBaB3A4BMA==

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
111 B 98ms
70ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
450 B 361ms
120ms XHR
application/javascript 3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=0&buster=1634431751637&secure=true&version=9&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&measurable=true&bids[0][bidId]=4a5309e212f042&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=anotepad_adhesion&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&property=5c3404d83e048a00261ad27f&foo
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: 6fdafcd0b7e61e259b95fa4864f9ca2d02e8c0c3187a162e95b492e6ce4f398b

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:11 GMT
x-powered-by: Express
etag: W/"38-RcRrtPZcvt6DX6/7ip+XDk0GRG0"
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://anotepad.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 129ms
83ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f0170a00&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 01e18d1f628f0b912efc3c77c4b6b7b1f5decb50ecdb73d93c575a6c48fa14cb

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 117ms
71ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9698b40175759a19619dee240d0031&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: ebda2962adf78697c290fe6eec1c4edcb127002d677867f4e99b5c30313a9efc

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
185 B 58ms
14ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.42.1&cb=36293359942
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:10 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
222 B 118ms
31ms XHR
text/plain 52.48.144.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?pbav=4.42.1&p=%5B%7B%22placement_id%22%3A%22anotepad_adhesion%22%2C%22callback_id%22%3A%221273e2ed271d65c%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C90%5D%5D%2C%22ym_placement_id%22%3A%222662464007037722661%22%7D%5D&page_url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&bust=1634431751642&pr=&scrd=1&dnt=false&description=aNotepad.com%20is%20your%20online%20notepad%20on%20the%20web.%20It%20allows%20you%20to%20store%20notes%20on%20the%20GO%20without%20having%20to%20Login.%20You%20can%20use%20a%20rich%20text%20editor%2C%20sort%20notes%20by%20date%20or%20title%20and%20make%20notes%20private.%20Best%20of%20all%20-%20anotepad%20is%20a%20fast%2C%20clean%2C%20simple%20to%20use%20and%20FREE%20online%20web%20notepad.&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=f2df457a-5706-461c-9d83-5866a76709be&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%221036%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.144.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-144-237.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
pragma: no-cache
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-allow-methods: POST, GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

POST translator
hbopenbid.pubmatic.com/ 0
0

POST
H/1.1 200
OK hbjson Show response
grid.bidswitch.net/ 2 B
267 B 66ms
15ms XHR
application/json 18.192.135.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.135.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-135-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://anotepad.com
Date: Sun, 17 Oct 2021 00:49:11 GMT
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Content-Length: 2
Content-Type: application/json; charset=UTF-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 11 KB
7 KB 117ms
81ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

fd8c061545c2527ecbb118b19e93e32e8670e3648292ba82e791a8859f8bf3f7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a91cf780-cecb-4b60-8ef5-f299a42d212d
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
371 B 162ms
78ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676941&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2221020790e9e7965%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%221036%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2222d9112a7efd46f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_adhesion%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2223873c90b8548f2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22970x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_adhesion%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bc6ff9223e4d2596d566268618cf97e62043d1a3390629f94a397b34277ed83e

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.114.13], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://anotepad.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 12
expires: Sun, 17 Oct 2021 00:49:11 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
149 B 137ms
104ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=cNQLIgg3Or7iD1aKlKyvbs
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: efdd211a38482dcf155a40ed7e2f6526d0a0040c1bbd6571d0e14a54b5b43f56

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
295 B 129ms
97ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=cNQLIgg3Or7iD1aKlKyvbs
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 57a8bba3fa74a3ab019d88585e0a1cc5e18c07c5ffc17873d4919adcc553a01b

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 134ms
102ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=cNQLIgg3Or7iD1aKlKyvbs
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 8dd2b01be72e550471c100d7bb7a992765d4cb28dbefc5cbdf9015c73825524e

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 568 B
2 KB 197ms
113ms XHR
application/json 213.19.162.61
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=2177788&size_id=2&alt_size_ids=55&rp_schain=1.0,1!freestar.com,1036,1,,,&rf=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&tg_i.name=anotepad-com&tg_i.domain=anotepad.com&tg_i.cat=IAB5&tg_i.sectioncat=IAB5&tg_i.pagecat=IAB5&tg_i.page=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&tg_i.fs_ad_product=stickyFooter&tg_i.dfp_ad_unit_code=15184186%2C21641952176%2Fanotepad_adhesion&tg_i.pbadslot=15184186%2C21641952176%2Fanotepad_adhesion%2Fanotepad_adhesion&tk_flint=pbjs_lite_v4.42.1&x_source.tid=d0781670-ae8d-4afb-9796-4bb65a9895c5&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7221499729756276
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.61 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: eb7da428be5ab87a4c392c0355bba3baf24cbc7bc8c1128ab5d38b440e617498

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://anotepad.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 568
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 173 B
558 B 52ms
25ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=d0781670-ae8d-4afb-9796-4bb65a9895c5&nocache=1634431751659&pubcid=f2df457a-5706-461c-9d83-5866a76709be&schain=1.0%2C1!freestar.com%2C1036%2C1%2C%2C%2C&aus=728x90%2C970x90&divids=anotepad_adhesion&aucs=%252F15184186%252C21641952176%252Fanotepad_adhesion%252Fanotepad_adhesion&auid=539181725
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 0e9b9539e9d16124e17da2dde795221f188b4fafd92a330d87244fa210338882

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
server: OXGW/16.217.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://anotepad.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 164
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 fslogo-green.svg
a.pub.network/core/imgs/ 1 KB
1 KB 36ms
36ms Image
image/svg+xml 104.26.1.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.pub.network/core/imgs/fslogo-green.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.1.139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycduwCORgR8e52aN5YYaGi6b8pKwif9p3wNyW9k13ZvWGZeKtYy-Aso57GRTga79RGpmSATD7oWGRVGynJ7glOQs
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
last-modified: Tue, 08 Sep 2020 17:04:37 GMT
server: cloudflare
etag: W/"326d6cbd977657e1205bd616d1f2faca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rFqFTOAsYaz%2B2znrmd%2BxJHPLSTSMCJ2IX5yV6tFQEj5NydIZ4DrzWJC7iyL9S2OYx2ngLOzSE2IdrCweBj89bhJL3n%2B%2FaVlsTMdLpgPMHNS3iQRPrukAlSFVOtyEDds%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1599584677716817
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 1193
cf-ray: 69f5869028b4278c-PRG
expires: Sun, 17 Oct 2021 01:33:52 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
185 B 14ms
14ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.42.1&cb=56427259092
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.am5.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:10 GMT
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Finatra
timing-allow-origin: *
vary: Origin

POST
H/1.1 200
OK hbjson Show response
grid.bidswitch.net/ 2 B
267 B 21ms
21ms XHR
application/json 18.192.135.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://grid.bidswitch.net/hbjson
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.192.135.64 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-192-135-64.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://anotepad.com
Date: Sun, 17 Oct 2021 00:49:11 GMT
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Content-Length: 2
Content-Type: application/json; charset=UTF-8

GET
H2 204 prebid Show response
ads.yieldmo.com/exchange/ 0
221 B 31ms
30ms XHR
text/plain 52.48.144.237
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/exchange/prebid?pbav=4.42.1&p=%5B%7B%22placement_id%22%3A%22anotepad_leaderboard_atf%22%2C%22callback_id%22%3A%2255cc72e8f13618f%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C90%5D%2C%5B300%2C250%5D%2C%5B970%2C250%5D%2C%5B336%2C280%5D%5D%2C%22ym_placement_id%22%3A%222662464007037722661%22%7D%2C%7B%22placement_id%22%3A%22anotepad_leaderboard_btf%22%2C%22callback_id%22%3A%2256b64bf92c56625%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%2C%5B970%2C90%5D%2C%5B300%2C250%5D%2C%5B970%2C250%5D%2C%5B336%2C280%5D%5D%2C%22ym_placement_id%22%3A%222662464007037722661%22%7D%5D&page_url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&bust=1634431751827&pr=&scrd=1&dnt=false&description=aNotepad.com%20is%20your%20online%20notepad%20on%20the%20web.%20It%20allows%20you%20to%20store%20notes%20on%20the%20GO%20without%20having%20to%20Login.%20You%20can%20use%20a%20rich%20text%20editor%2C%20sort%20notes%20by%20date%20or%20title%20and%20make%20notes%20private.%20Best%20of%20all%20-%20anotepad%20is%20a%20fast%2C%20clean%2C%20simple%20to%20use%20and%20FREE%20online%20web%20notepad.&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&w=1600&h=1200&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%7D&us_privacy=&pubcid=f2df457a-5706-461c-9d83-5866a76709be&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%221036%22%2C%22hp%22%3A1%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.144.237 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-144-237.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
pragma: no-cache
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
x-robots-tag: none,NOINDEX,NOFOLLOW
access-control-allow-methods: POST, GET, OPTIONS
access-control-request-headers: Cache-Control, Pragma

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 10 KB
7 KB 182ms
181ms XHR
application/json 184.31.84.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676941&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2257bb09558260f2d%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A2%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A2%2C%22ren%22%3Afalse%2C%22version%22%3A%224.42.1%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22freestar.com%22%2C%22sid%22%3A%221036%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%225850b1c0bbe6d53%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_atf%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2259598ff7646e2f2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22970x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_atf%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22608dada509272cb%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22300x250%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_atf%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2261a9d71afbea454%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22970x250%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_atf%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2262b978433a05ddb%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22336x280%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_atf%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2263c1b6fba233543%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22728x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_btf%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%226424abecb8cad0e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22970x90%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_btf%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22657aebfd3fed314%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22300x250%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_btf%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22668b981fabb0422%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22970x250%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_btf%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22673ae2a39722733%22%2C%22ext%22%3A%7B%22siteID%22%3A%22676941%22%2C%22sid%22%3A%22336x280%22%2C%22dfp_ad_unit_code%22%3A%22%2F15184186%2C21641952176%2Fanotepad_leaderboard_btf%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2f4f646ee9e19b2239714b2447f3da96fae866a1e78d533de93603327537ba44

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:12 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[216.131.114.13], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: https://anotepad.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 6439
x-ak-client-geo: 12
expires: Sun, 17 Oct 2021 00:49:12 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
149 B 95ms
94ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=cNQLIgg3Or7iD1aKlKyvbs
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 21c2ffd720c22f2095ce309e1871d72cf2ae40ba9c95b0eb408a9a54f25188cf

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 66 B
158 B 97ms
97ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb?guid=cNQLIgg3Or7iD1aKlKyvbs
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: d4a94eb43ba2249f27baca81f05255d197685aaf4d7814a1fb7fd9eac4f81b16

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2 200 arj Show response
freestar-d.openx.net/w/1.0/ 174 B
362 B 57ms
57ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://freestar-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=df8230c0-16f9-4269-bf46-70a4673423d7%2Ccedc3699-024c-422f-b247-2031baea67fb&nocache=1634431751831&pubcid=f2df457a-5706-461c-9d83-5866a76709be&schain=1.0%2C1!freestar.com%2C1036%2C1%2C%2C%2C&aus=728x90%2C970x90%2C300x250%2C970x250%2C336x280%7C728x90%2C970x90%2C300x250%2C970x250%2C336x280&divids=anotepad_leaderboard_atf%2Canotepad_leaderboard_btf&aucs=%252F15184186%252C21641952176%252Fanotepad_leaderboard_atf%252Fanotepad_leaderboard_atf%2C%252F15184186%252C21641952176%252Fanotepad_leaderboard_btf%252Fanotepad_leaderboard_btf&auid=539181725%2C539181725
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 56d9b1d7d2b3dd71909098a493ff90edbbb988ef3a9da670f9e8ba509f707925

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:11 GMT
content-encoding: gzip
server: OXGW/16.217.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://anotepad.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: clear
content-length: 165
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 26 KB
11 KB 104ms
104ms XHR
application/json 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

fd6cc7e5a8fcd221985ed5a97b5c58bcb333f508e04510254952002f0689a6d2

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 5d772d50-d75e-4b1e-98ac-4a620d17790d
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST translator
hbopenbid.pubmatic.com/ 0
0

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 92ms
92ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f3730a02&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 1a275f22ae21d927111493e63b14820d72d4df0bde5e408e95e8d9705aa2bd92

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 81ms
81ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f0170a00&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 95d57cd7cf806f7238708d78b7b4b731161658ce14b5d594cafa9bd7e02c68b3

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 102ms
87ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319470184320795&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 34f56681a2444c38fd80aef6fe24618f292be66752121647cb4d3fa8bb91fb11

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 94ms
78ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9698b40175759a19619dee240d0031&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: e8de481630ed7fc7d00ae57f15de060d73817e3c6490e51c526ece3799984be2

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 100ms
84ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f3730a02&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: bad0fc7d947cceb34f0d759dc25bca4b939db10f864fd9a93bb16bf9c13b620d

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 135ms
119ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9694120174744413194708f0170a00&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 0cdcea0da2bb7cd99b76f54f32e74b203b5d345c6f8905089e0544a2f35cb041

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 165ms
85ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a969412017474441319470184320795&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 35b53b6b1521cdc597fcae00ee5cecd6eeb2f60b04ef45632991b501c4cf2b84

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:12 GMT
Server: ATS/7.1.2.138
Age: 1
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
472 B 161ms
70ms XHR
application/json 35.157.246.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96941201747444131946df35500551&pos=8a9698b40175759a19619dee240d0031&cmd=bid&req=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&secure=1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 3fe59eff4e7741bcb650f03f35eb3d01b3c367523550b9764f3d0b65ce8a10ff

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Sun, 17 Oct 2021 00:49:12 GMT
Server: ATS/7.1.2.138
Age: 1
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://anotepad.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 74ms
73ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 63ms
63ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 73ms
73ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 19ms
18ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 69ms
68ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 72ms
72ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 90ms
90ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/WYu2BXv1/ 0
110 B 73ms
73ms XHR
text/plain 35.158.37.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/WYu2BXv1/v1
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.37.68 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-37-68.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://anotepad.com
date: Sun, 17 Oct 2021 00:49:11 GMT
access-control-allow-credentials: true
vary: Origin

GET
H2 200 display Show response
mantodea.mantisadnetwork.com/prebid/ 56 B
449 B 161ms
122ms XHR
application/javascript 3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/display?tz=0&buster=1634431751839&secure=true&version=9&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&measurable=true&bids[0][bidId]=105e8cf2a9fff8b1&bids[0][config][property]=5c3404d83e048a00261ad27f&bids[0][config][zone]=anotepad_leaderboard_atf&bids[0][sizes][0][width]=728&bids[0][sizes][0][height]=90&bids[0][sizes][1][width]=970&bids[0][sizes][1][height]=90&bids[0][sizes][2][width]=300&bids[0][sizes][2][height]=250&bids[0][sizes][3][width]=970&bids[0][sizes][3][height]=250&bids[0][sizes][4][width]=336&bids[0][sizes][4][height]=280&bids[1][bidId]=106b77b013ed35ae&bids[1][config][property]=5c3404d83e048a00261ad27f&bids[1][config][zone]=anotepad_leaderboard_btf&bids[1][sizes][0][width]=728&bids[1][sizes][0][height]=90&bids[1][sizes][1][width]=970&bids[1][sizes][1][height]=90&bids[1][sizes][2][width]=300&bids[1][sizes][2][height]=250&bids[1][sizes][3][width]=970&bids[1][sizes][3][height]=250&bids[1][sizes][4][width]=336&bids[1][sizes][4][height]=280&property=5c3404d83e048a00261ad27f&foo
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: 16cb05a8bd7780c8f68b9fd50cfc79b85f9d99c076037a03ae194ed271ec5733

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:11 GMT
x-powered-by: Express
etag: W/"38-MEaskTLjSp/smon9Urfdx0YEcTA"
vary: Origin
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://anotepad.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 56
expires: -1

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 676 B
2 KB 161ms
147ms XHR
application/json 213.19.162.61
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=2177788&size_id=15&alt_size_ids=2%2C16%2C55%2C57&rp_schain=1.0,1!freestar.com,1036,1,,,&rf=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&tg_i.name=anotepad-com&tg_i.domain=anotepad.com&tg_i.cat=IAB5&tg_i.sectioncat=IAB5&tg_i.pagecat=IAB5&tg_i.page=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&tg_i.fs_ad_product=superflex&tg_i.dfp_ad_unit_code=15184186%2C21641952176%2Fanotepad_leaderboard_atf%3B15184186%2C21641952176%2Fanotepad_leaderboard_btf&tg_i.pbadslot=15184186%2C21641952176%2Fanotepad_leaderboard_atf%2Fanotepad_leaderboard_atf%3B15184186%2C21641952176%2Fanotepad_leaderboard_btf%2Fanotepad_leaderboard_btf&tk_flint=pbjs_lite_v4.42.1&x_source.tid=df8230c0-16f9-4269-bf46-70a4673423d7%3Bcedc3699-024c-422f-b247-2031baea67fb&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=2&rand=0.04985356959682341
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 213.19.162.61 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: 1c3d57a4ca36168fa3fa9f02abe09eab215fef873be8b6f41715774bc1563245

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:12 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://anotepad.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 676
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 womptv2nm.js Show response
cdn.krxd.net/controltag/ 13 KB
4 KB 38ms
6ms Script
text/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/womptv2nm.js
Requested by: Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e1023fc5b7b2cb762dd4ad14fcf4787fa945fca4a37518cd0d6b411c248dc201

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Sun, 17 Oct 2021 00:49:11 GMT
via: 1.1 varnish, 1.1 varnish
age: 406
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 3716
x-served-by: config-service-a001-ash-prod.krxd.net, cache-bwi5133-BWI, cache-hhn4080-HHN
x-response-time: 0
x-do-esi: esi
x-timer: S1634431752.901451,VS0,VE0
etag: "fa213313d0f749c73627133b4ab4942a6489b2c7"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 11

POST
H2 201 logs Show response
uat5-b.investingchannel.com/ 0
445 B 24ms
8ms XHR
text/plain 52.57.27.215
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uat5-b.investingchannel.com/logs?gdprapplicable=false&uspstatus=NOT_APPLICABLE
Requested by: Host: dggaenaawxe8z.cloudfront.net
URL: https://dggaenaawxe8z.cloudfront.net/ic/audiencesegment/freestar.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.27.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-27-215.eu-central-1.compute.amazonaws.com
Software: Jetty(9.4.12.v20180830) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/json
Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
server: Jetty(9.4.12.v20180830)
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

OPTIONS
H2 200 logs
uat5-b.investingchannel.com/ Frame 0
0 35ms
8ms Preflight 52.57.27.215
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://uat5-b.investingchannel.com/logs?gdprapplicable=false&uspstatus=NOT_APPLICABLE
Protocol: H2
Server: 52.57.27.215 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-27-215.eu-central-1.compute.amazonaws.com
Software: Jetty(9.4.12.v20180830) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://anotepad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 17 Oct 2021 00:49:11 GMT
content-length: 0
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers Accept-Encoding, User-Agent
access-control-allow-origin: https://anotepad.com
access-control-allow-methods: POST
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
server: Jetty(9.4.12.v20180830)

GET
H2 200 rules-p-UeXruRVtZz7w6.js Show response
rules.quantcount.com/ 2 KB
1 KB 37ms
8ms Script
application/javascript 13.224.193.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.193.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-193-5.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:46:21 GMT
content-encoding: gzip
age: 173
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Thu, 07 Dec 2017 17:06:25 GMT
server: AmazonS3
etag: W/"cbc97d16c77ea1fcbbf42d246001e982"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 cdcb559c2f25d8ad2ccf0419bee33b03.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: 79lG6Uf4yk3ApFKi49buGeHS4neyeutk3a172IZUEWgZTKa36-hbHw==

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ 259 KB
83 KB 6ms
6ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/womptv2nm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Sun, 17 Oct 2021 00:49:12 GMT
content-encoding: gzip
age: 1472516
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 2132420
content-length: 84509
x-served-by: cache-hhn4080-HHN
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1634431752.082308,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET
H2 200 pixel;r=954853439;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf;uht=2;fpan=1;fpa=P0-1253494163-1634431752060;pbc=;ns=0;ce=1;qjs=1;qv=00a3769c-20210929173447;cm=;gdpr=0;re...
pixel.quantserve.com/ 35 B
371 B 21ms
11ms Image
image/gif 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=954853439;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf;uht=2;fpan=1;fpa=P0-1253494163-1634431752060;pbc=;ns=0;ce=1;qjs=1;qv=00a3769c-20210929173447;cm=;gdpr=0;ref=;d=anotepad.com;je=0;sr=1600x1200x24;dst=0;et=1634431752060;tzo=0;ogl=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:12 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 proxy.3d2100fd7107262ecb55ce6847f01fa5.html Show response
cdn.krxd.net/partnerjs/xdi/ Frame 0F27 805 B
826 B 6ms
6ms Document
text/html 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9

Request headers

:method: GET
:authority: cdn.krxd.net
:scheme: https
:path: /partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

last-modified: Tue, 21 Feb 2017 17:50:54 GMT
etag: "3d2100fd7107262ecb55ce6847f01fa5"
cache-control: public, max-age=315360000
expires: Fri, 19 Feb 2027 17:50:50 GMT
content-type: text/html
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
content-encoding: gzip
accept-ranges: bytes
date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 varnish
age: 1989712
x-served-by: cache-hhn4080-HHN
x-cache: HIT
x-cache-hits: 555447
x-timer: S1634431752.122418,VS0,VE0
vary: Accept-Encoding
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 525

GET
H2 200 optout_check Show response
beacon.krxd.net/ 73 B
233 B 105ms
30ms Script
text/javascript 63.33.113.238
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.investingchannelinc.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.113.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ac828be9eacb996ccdf11871690f6b8b83aadcb4deac680f260678056051707e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
cache-control: private, max-age=0, s-max-age=0
x-request-time: D=28 t=1634431752
x-served-by: beacon-n023-dub-prod.krxd.net
content-type: text/javascript

GET
H2 200 womptv2nm.js Show response
cdn.krxd.net/controltag/ Frame 0F27 13 KB
4 KB 6ms
6ms Script
text/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/womptv2nm.js
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e1023fc5b7b2cb762dd4ad14fcf4787fa945fca4a37518cd0d6b411c248dc201

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 varnish, 1.1 varnish
age: 406
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 3716
x-served-by: config-service-a001-ash-prod.krxd.net, cache-bwi5133-BWI, cache-hhn4080-HHN
x-response-time: 0
x-do-esi: esi
x-timer: S1634431752.141928,VS0,VE0
etag: "fa213313d0f749c73627133b4ab4942a6489b2c7"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 13

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ Frame 0F27 259 KB
83 KB 6ms
6ms Script
application/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/womptv2nm.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Sun, 17 Oct 2021 00:49:12 GMT
content-encoding: gzip
age: 1472516
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 2132421
content-length: 84509
x-served-by: cache-hhn4080-HHN
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1634431752.149983,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET
H2 200 9427dd0d-835c-471c-a5db-ab01ae8a681c Show response
consumer.krxd.net/consent/get/ 249 B
438 B 54ms
31ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/9427dd0d-835c-471c-a5db-ab01ae8a681c?idt=device&dt=kxcookie&callback=Krux.ns.investingchannelinc.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5195609afbc1fca03f3200b50d97a90a8eb0e4652108db990a1aa9a1c9f7a0af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a015-dub-prod.krxd.net, cache-hhn4067-HHN
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1634431752.190932,VS0,VE25
content-length: 199
x-cache-hits: 0, 0

GET
H2 200 9427dd0d-835c-471c-a5db-ab01ae8a681c Show response
consumer.krxd.net/consent/get/ Frame 0F27 234 B
254 B 38ms
37ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/9427dd0d-835c-471c-a5db-ab01ae8a681c?idt=device&dt=kxcookie&callback=Krux.ns.investingchannelinc.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 7ee50d544c6957706630ecda4b5c7a2b6bd5479f9edbfc4478664c8a1c0e6490

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a015-dub-prod.krxd.net, cache-hhn4067-HHN
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1634431752.191059,VS0,VE30
content-length: 193
x-cache-hits: 0, 0

GET
H2 200 pubfig.messaging.2.22.4.535fe0f4586de520edb0ca93a1249020044721f7.js Show response
a.pub.network/core/pubfig/ 182 KB
58 KB 37ms
37ms Script
application/javascript 104.26.1.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.22.4.535fe0f4586de520edb0ca93a1249020044721f7.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.1.139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4cf833ad810353e51902d525ca24914b6056a1c38b29b03f8315c6757d485362

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=Fyvutg==, md5=NsePhlo24I9sUjcJCDg8DA==
date: Sun, 17 Oct 2021 00:49:12 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycduL-w5GMRYZlc_ztdoSE_5WexswbWlstFDLjnAXXr5NIsom6zmDulIkjf18Fimrk07wCQXc7mgLb7Xm69QovUP-F9hBmA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
cf-ray: 69f586934a70278c-PRG
last-modified: Fri, 08 Oct 2021 15:29:27 GMT
server: cloudflare
etag: W/"36c78f865a36e08f6c52370908383c0c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJtN%2FK3tkXnfDS5cxfJEgIfaLZ9q6CVWeFAwy3Sdx3gAHQyPgoVwCBc490908O8HA7CKFBO7lI50y8Qe1B0Q42reGn21mQBjk5PJmHBvrr3O1qol1wNKPSPTsMpMOTY%3D"}],"group":"cf-nel","max_age":604800}
content-language: en
access-control-allow-origin: *
x-goog-generation: 1633706967497230
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 186040
content-type: application/javascript
expires: Fri, 15 Oct 2021 00:36:47 GMT

GET
H2 200 get Show response
cdn.krxd.net/userdata/ 387 B
496 B 112ms
112ms Script
text/javascript 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/userdata/get?pub=9427dd0d-835c-471c-a5db-ab01ae8a681c&technographics=1&callback=Krux.ns.investingchannelinc.kxjsonp_userdata
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c0964d104665d8a24b6c887321de9cfc2513e6be1b86014d71969dca9a04ac0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
date: Sun, 17 Oct 2021 00:49:12 GMT
content-encoding: gzip
age: 0
x-served-by: userdata-a020-ash-prod.krxd.net, cache-hhn4080-HHN
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript
via: 1.1 varnish
cache-control: private, max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1634431752.233221,VS0,VE107
content-length: 292
x-cache-hits: 0, 0

POST
H2 200 c Show response
c.pub.network/ 36 B
320 B 138ms
112ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.22.4.535fe0f4586de520edb0ca93a1249020044721f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: cd5da7545ecdc273ff0310060da81e975f110e3083da7773500a593da4f01563

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 0F27
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=google
https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=T2JPRDdCTkY
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEE4gWTr98hIdK_uYk6SwaMY&google_cver=1

0
337 B

32ms
31ms

Image
text/plain

63.33.113.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEE4gWTr98hIdK_uYk6SwaMY&google_cver=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.113.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
cache-control: private, no-cache, no-store
x-request-time: D=36 t=1634431752
x-served-by: beacon-n007-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEE4gWTr98hIdK_uYk6SwaMY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 0F27
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=T2JPRDdCTkY
https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm=&google_hm=T2JPRDdCTkY&google_tc=
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEN1rYBA-13lXs1o9DUUMTeU&google_cver=1

0
337 B

31ms
31ms

Image
text/plain

63.33.113.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEN1rYBA-13lXs1o9DUUMTeU&google_cver=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.113.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
cache-control: private, no-cache, no-store
x-request-time: D=24 t=1634431752
x-served-by: beacon-n003-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:12 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEN1rYBA-13lXs1o9DUUMTeU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 0F27
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=krux&ttd_tpi=1&ttd_puid=ObOD7BNF&gdpr=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=krux&ttd_tpi=1&ttd_puid=ObOD7BNF&gdpr=0
https://beacon.krxd.net/usermatch.gif?partner=ttd&partner_uid=d5d863bf-fdb6-4939-a2d1-4e447e72136f

0
337 B

31ms
31ms

Image
text/plain

63.33.113.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=ttd&partner_uid=d5d863bf-fdb6-4939-a2d1-4e447e72136f
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.113.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
cache-control: private, no-cache, no-store
x-request-time: D=70 t=1634431752
x-served-by: beacon-n022-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:12 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://beacon.krxd.net/usermatch.gif?partner=ttd&partner_uid=d5d863bf-fdb6-4939-a2d1-4e447e72136f
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 227

GET
H2 200 379708.gif
idsync.rlcdn.com/ Frame 0F27 42 B
418 B 51ms
21ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/379708.gif?partner_uid=ObOD7BNF
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 0F27
Redirect Chain

https://stags.bluekai.com/site/26357?id=ObOD7BNF&redir=https://beacon.krxd.net/usermatch.gif?_kuid%3DObOD7BNF%26partner%3Dbluekai%26bk_uuid%3D%24_BK_UUID
https://beacon.krxd.net/usermatch.gif?_kuid=ObOD7BNF&partner=bluekai&bk_uuid=$_BK_UUID

0
337 B

31ms
31ms

Image
text/plain

63.33.113.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?_kuid=ObOD7BNF&partner=bluekai&bk_uuid=$_BK_UUID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.113.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
cache-control: private, no-cache, no-store
x-request-time: D=29 t=1634431752
x-served-by: beacon-n002-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location: https://beacon.krxd.net/usermatch.gif?_kuid=ObOD7BNF&partner=bluekai&bk_uuid=$_BK_UUID
Date: Sun, 17 Oct 2021 00:49:12 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 p
sb.scorecardresearch.com/ Frame 0F27 64 B
443 B 9ms
9ms Image
image/gif 13.225.87.102
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=9&c2=8188709&cs_xi=ObOD7BNF&rn=1634431752
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.87.102 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-102.fra2.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: ubDoPG89xEPDD6odGy7Y57JoUkZrn7_5hWkortYZZclngTtuAl04Zg==

GET
H/1.1

200
OK

match
ps.eyeota.net/ Frame 0F27
Redirect Chain

https://ps.eyeota.net/match?bid=i0r4o4v&uid=ObOD7BNF
https://ps.eyeota.net/match/bounce/?bid=i0r4o4v&uid=ObOD7BNF
https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmRBZGlRWkxUczl4a09MbERxbmVwS3R2SFRUXzdRSXFldWZneHV6Q0VrLVk&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&...
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&dc_rc=1&dc_mr=5&dc_orig=i0r4o4v&google_gid=CAESEGENr_7q-k8tgPE9dvRpkXc&google_cver=1
https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&dc_rc=2&dc_mr=5&dc_orig=i0r4o4v&
https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=4055899242351198607&newuser=1&dc_rc=2&dc_mr=5&dc_orig=i0r4o4v&
https://sync.mathtag.com/sync/img?mt_exid=10015&redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3D7vi0rg0%26uid%3D%5BMM_UUID%5D%26dc_rc%3D3%26dc_mr%3D5%26dc_orig%3Di0r4o4v%26
https://ps.eyeota.net/match?bid=7vi0rg0&uid=6ef3616b-7308-4900-a7a1-df41050a2857&dc_rc=3&dc_mr=5&dc_orig=i0r4o4v&
https://sync-tm.everesttech.net/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26dc_rc%3D4%26dc_mr%3D5%26dc_orig%3Di0r4o4v%26
https://sync-tm.everesttech.net/ct/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26dc_rc%3D4%26dc_mr%3D5%26dc_orig%3Di0r4o4v%26&_test=YWtzCA...
https://ps.eyeota.net/match?uid=YWtzCAAAAE1L1QAR&bid=0rijhbu&dc_rc=4&dc_mr=5&dc_orig=i0r4o4v&&_test=YWtzCAAAAE1L1QAR
https://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1
https://ps.eyeota.net/match?uid=d5d863bf-fdb6-4939-a2d1-4e447e72136f&bid=1e2n4ou

70 B
440 B

9ms
9ms

Image
image/gif

3.127.178.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=d5d863bf-fdb6-4939-a2d1-4e447e72136f&bid=1e2n4ou
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-178-105.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 17 Oct 2021 00:49:12 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:12 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ps.eyeota.net/match?uid=d5d863bf-fdb6-4939-a2d1-4e447e72136f&bid=1e2n4ou
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 191

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 0F27
Redirect Chain

https://ib.adnxs.com/getuid?https://beacon.krxd.net/usermatch.gif?adnxs_uid=$UID
https://beacon.krxd.net/usermatch.gif?adnxs_uid=8665457160990187816

0
337 B

31ms
31ms

Image
text/plain

63.33.113.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?adnxs_uid=8665457160990187816
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.113.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
cache-control: private, no-cache, no-store
x-request-time: D=27 t=1634431752
x-served-by: beacon-n021-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:12 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8467b3b8-858c-4809-9c29-146843f47d1b
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://beacon.krxd.net/usermatch.gif?adnxs_uid=8665457160990187816
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

image.sbxx
ib.mookie1.com/ Frame 0F27
Redirect Chain

https://global.ib-ibi.com/image.sbxx?go=247532&pid=314&xid=ObOD7BNF
https://ib.mookie1.com/image.sbxx?go=247532&pid=314&xid=ObOD7BNF

120 B
990 B

753ms
86ms

Image
image/png

69.169.86.39
AMC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.mookie1.com/image.sbxx?go=247532&pid=314&xid=ObOD7BNF
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 69.169.86.39 Cranford, United States, ASN29838 (AMC, US),
Reverse DNS
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:32 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3p: CP=\"DSP COR ADM DEV PSA PSD OUR\", CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
X-Server: NY02
Content-Type: image/png
Content-Length: 120
Expires: -1

Redirect headers

Date: Sun, 17 Oct 2021 00:49:11 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Location: https://ib.mookie1.com:443/image.sbxx?go=247532&pid=314&xid=ObOD7BNF
p3p: CP="DSP COR ADM DEV PSA PSD OUR"
Access-Control-Allow-Origin: *
Cache-Control: private
X-Server: LAS14
Content-Type: text/html; charset=utf-8
Content-Length: 193

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 0F27
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dpubmatic%26partner_uid%3D%23PM_USER_ID
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dpubmatic%26partner_uid%3D%23PM_USER_ID&rdf=1
https://beacon.krxd.net/usermatch.gif?partner=pubmatic&partner_uid=66232E30-42A6-4224-8517-A35A018D9163

0
337 B

31ms
31ms

Image
text/plain

63.33.113.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=pubmatic&partner_uid=66232E30-42A6-4224-8517-A35A018D9163
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.113.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
cache-control: private, no-cache, no-store
x-request-time: D=26 t=1634431752
x-served-by: beacon-n012-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=pubmatic&partner_uid=66232E30-42A6-4224-8517-A35A018D9163
date: Sun, 17 Oct 2021 00:49:11 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H2

451

398696.gif
idsync.rlcdn.com/ Frame 0F27
Redirect Chain

https://fei.pro-market.net/engine?mimetype=img&du=88&csync=ObOD7BNF
https://idsync.rlcdn.com/398696.gif?partner_uid=5791768784645604040

0
44 B

21ms
21ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/398696.gif?partner_uid=5791768784645604040
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 google
alt-svc: clear
content-length: 0

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:12 GMT
via: 1.1 google
server: Apache-Coyote/1.1
access-control-allow-origin: *
anserver: gapp-eu-4.c.datonics-gcp-01.internal
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://idsync.rlcdn.com/398696.gif?partner_uid=5791768784645604040
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: clear
content-length: 0
expires: Mon, 1 Jan 1990 0:0:0 GMT

GET
H2 204 pixel.gif
beacon.krxd.net/ 0
337 B 31ms
31ms Image
text/plain 63.33.113.238
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/pixel.gif?source=smarttag&fired=report&confid=womptv2nm&_kpid=9427dd0d-835c-471c-a5db-ab01ae8a681c&_kcp_s=Freestar&_kcp_d=anotepad.com&_knifr=2&_kua_kx_tz=0&geo_country=de&geo_region=he&geo_dma=276003&_kua_kx_lang=en-us&_kua_kx_tech_browser_language=en-us&_kua_kx_tech_browser=Chrome%208&_kua_kx_tech_manufacturer=Microsoft%20Corporation&_kua_kx_tech_device=Computer&_kua_kx_tech_os=Windows%2010&_kua_kx_geo_country=de&_kua_kx_geo_region=he&_kua_kx_geo_dma=276003&_kua_kx_whistle=0&_kpa_url_path_1=notes&_kpa_url_path_2=exc8ajpf&_kpa_domain=anotepad.com&t_navigation_type=0&t_dns=0&t_tcp=410&t_http_request=-1&t_http_response=3&t_content_ready=2376&t_window_load=2565&t_redirect=0&interchange_ran=false&userdata_was_requested=true&userdata_did_respond=true&store_user_after=wrvoeq6jb&userdata_user=ObOD7BNF%2Cwrvoeq6jb&sview=1&kplt0=39860&kplt1=47346&jsonp_requests=https%3A%2F%2Fbeacon.krxd.net%2Foptout_check%2C106%2Chttps%3A%2F%2Fconsumer.krxd.net%2Fconsent%2Fget%2F9427dd0d-835c-471c-a5db-ab01ae8a681c%2C56%2Chttps%3A%2F%2Fcdn.krxd.net%2Fuserdata%2Fget%2C114
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.113.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-113-238.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
cache-control: private, no-cache, no-store
x-request-time: D=40 t=1634431752
x-served-by: beacon-n020-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 56ms
16ms Script
application/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=anotepad.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 17 Oct 2021 00:49:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 47 KB
24 KB 407ms
391ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

5b2f31e6283f41b50112dbf9da83c321784c2f8879e49a1024b5eab9e6626bc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24127
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://anotepad.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 73DE 6 KB
4 KB 93ms
22ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 17 Oct 2021 00:49:12 GMT
expires: Mon, 17 Oct 2022 00:49:12 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 68ms
26ms Script
text/javascript 178.250.2.130
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 2581d556ceadd8cdd3eb15509ff94501871552563a71381393fc7b59611cbc1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:12 GMT
content-encoding: gzip
last-modified: Mon, 04 Oct 2021 12:34:24 GMT
server: nginx
etag: W/"615af4d0-1535c"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 18 Oct 2021 00:49:12 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame FF1D 11 KB
5 KB 49ms
15ms Document
text/html 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=anotepad.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?origin=publishertag&topUrl=anotepad.com
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
strict-transport-security: max-age=31536000
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 1985
set-cookie: uid=1ef33811-47b4-4065-ae9b-5eebc2911e18; expires=Fri, 11 Nov 2022 00:49:12 GMT; domain=.criteo.com; path=/; secure; samesite=none
date: Sun, 17 Oct 2021 00:49:12 GMT
content-length: 4683

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 85 KB
27 KB 61ms
28ms XHR
text/javascript 178.250.2.130
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.2.130 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 2581d556ceadd8cdd3eb15509ff94501871552563a71381393fc7b59611cbc1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: gzip
last-modified: Mon, 04 Oct 2021 12:34:24 GMT
server: nginx
etag: W/"615af4d0-1535c"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 18 Oct 2021 00:49:13 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 30ms
15ms Script
application/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=anotepad.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 162 KB
38 KB 530ms
529ms XHR
text/plain 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1004424079087782&correlator=1281766775366661&output=ldjh&impl=fifs&eid=31063110%2C31063201%2C21068030%2C31062526%2C31063128&vrg=2021101201&ptt=17&sc=1&sfv=1-0-38&ecs=20211017&iu_parts=15184186%3A21641952176%2Canotepad_leaderboard_atf%2Canotepad_leaderboard_btf&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=728x90%7C970x90%7C300x250%7C970x250%7C336x280%2C728x90%7C970x90%7C300x250%7C970x250%7C336x280&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3Dtimeout%26fs_placementName%3Danotepad_leaderboard_atf%26fs_ad_product%3Dsuperflex%26fsbid%3Dtimeout%26fspbg%3Dfreestar%26freestar_path%3D%252Fnotes%252Fexc8ajpf%26freestar_domain%3Danotepad.com%26custom_bidder_size%3Dappnexus_728x90%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.05%26hb_adid%3D112397bfbb3b15e5%26hb_bidder%3Dappnexus%7Cfsrefresh%3D0%26fsrebid%3D0%26floors_id%3Dtimeout%26fs_placementName%3Danotepad_leaderboard_btf%26fs_ad_product%3Dsuperflex%26fsbid%3Dtimeout%26fspbg%3Dfreestar%26freestar_path%3D%252Fnotes%252Fexc8ajpf%26freestar_domain%3Danotepad.com%26custom_bidder_size%3Dappnexus_300x250%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.03%26hb_adid%3D11377db8a116f467%26hb_bidder%3Dappnexus&eri=1&cust_params=user-agent%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1634431753&dt=1634431753042&dlt=1634431750462&idt=954&frm=20&biw=1600&bih=1200&oid=2&adxs=436%2C436&adys=384%2C5741&adks=610960399%2C677789411&ucis=2%7C3&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1115x300%7C1115x300&msz=1115x300%7C1115x300&ga_vid=745146848.1634431751&ga_sid=1634431753&ga_hid=511129583&ga_fc=false&fws=4%2C4&ohw=1115%2C1115&btvi=0%7C1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

cafe /

Resource Hash

c617e91f6e46158e3d94ba5517689a66530cd5bb62f6dc4f139dbe8edfd2a422

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38518
x-xss-protection: 0
google-lineitem-id: -1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://anotepad.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame FF1D 436 B
527 B 15ms
15ms Fetch
application/json 178.250.2.146
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertag&domain=anotepad.com&sn=ChromeSyncframe&so=0&topUrl=anotepad.com&cw=1&lsw=1

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=anotepad.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.146 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

3c9b392cecc6283f4f58277dd0a7335ff25ce23c4ffec1430d58455d06e89ae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=anotepad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Sun, 17 Oct 2021 00:49:12 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2396
expires: 0

GET
H3 200 container.html Show response
65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1033 6 KB
3 KB 21ms
7ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 17 Oct 2021 00:49:12 GMT
expires: Mon, 17 Oct 2022 00:49:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 55ms
19ms XHR
application/json 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021101201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021101201.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a2ea7c2ec8e9d9cedd3508d75e3882f5d2a05bfa7b17393310bd735b5c1d3118

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8543
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1033 0
0 105ms
55ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvMVl-gSwQS4-Mc9hdpQLpuQ2ZrLD8PAAHLWntZKWSe-IjhYioBfOfAGK-sUTSXz7DTELyol6YuJnBQYTI2Uq1JzKEetLK6S52rDgLpIOBPm0LwzOH34gsDpJo4Gk3t0b1lh2xd5IRzUroZHCelQzAO4Vw1nBT9FxkbQasAF3xToew4SotvJE_0CastP0oquYPAeeibgxcvonv64fNATnzPVFCi-rUrz37Fmx8huNEGHchYHVNFvcT9t8-vS0ipJ4QBaoaxHsBX9PM7kYhpUaR636n7EFvvC4C-fw6LKWuglUFQxdlcIO7npuM1AUkgom7cRBRm9T3-e_emjxpGiyMwORA8Dqh0mcrDBAe8ZYJ7IFUmsHyvjye-pQiuaQAFZuRtsHOo_5rf_nR7-wrENH04mAeRkeb5yjqJuX7SKBasMXgQBJeNZEJgBagUqGeq3QxAqRQQwL3l6t1Uxmw_YOxkd_2_Ry6gNjv8vkJsenYPum__wMw5fFAiIZsqUSyiqoSHlHCQPFEXw4RBM3KeTO8dEbYLcjP4goGC5nyC-RtSgJROA3DPDv4QYc8RKoY2Pg0pu5Eh2vwRnHhUDO-r6hwzDuNGwmsLkQHUqgXSfDHaiMRLtlCX4AzjySSpBnp3HspdWimOUlkNQX3Yc2X2gyT-O3BVM1fR0v9ut088rcjtdRP9VIRD4QzvXk1cFQK2glG-lzmiXuE0vm7VKTS7WyiGOQwUlJDTsApFDUhjkDVWXMzQE8uhB8wiq9ieNpHXqPZwHZsWpJlxucm0JMSjlS6l9ECPqKRztjAB0r_0OPYAWMY9XO7glnnO7TO1yfDXeUQAAWtLOXz1kt709XrbkNNuhe0yQzmCaP__5M4y5TUoNv1fOP4Q66mrd_ECkwWQMbf7SZ2O1qMZUxWj5FJHvQb9GyiFlNkz1NlUNc6wABvuj0r8T2pJ5spZA2_bQHhZA6uYS7l5YOJpaWs6f9eH2Yqnp6HYSx_Idp--IYcdJJmaJCz5wEMNF9lhgrlG8eqCeBdTOgrDeDhQ55ju8-yMc7ZTvbzJlPDyEI2SOYrApjxkj10cb3dOyxAMBuUX0t68FvcURurm9xU&sai=AMfl-YRTfkqc1oDsKCDAqwnxlg4Qyju2Q6RY2GmitKrONDKMv0-73iGiwNZOVQ&sig=Cg0ArKJSzO_yKPCZvso_EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Sun, 17 Oct 2021 00:49:13 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1033 41 KB
15 KB 51ms
14ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 14 Oct 2021 07:15:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236051
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 14 Oct 2022 07:15:02 GMT

GET
H2 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 1033 32 KB
13 KB 50ms
13ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

f6bde1ecec9ad90f8c99ba8e179e083ac62f64679c264a9b10a71fe52c7289e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:43:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12898
x-xss-protection: 0
server: cafe
etag: 10770391770327730900
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:43:04 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 1033 3 KB
1 KB 46ms
10ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/window_focus_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 919
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:33:54 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1033 123 KB
37 KB 39ms
25ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37919
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125446224599"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 17 Oct 2021 00:49:13 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 1033 14 KB
7 KB 43ms
7ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:32:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1027
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:32:06 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/ Frame 1033 18 KB
8 KB 44ms
8ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/abg_lite_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:24:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:24:57 GMT

GET
H2 200 4056690041068534003
s0.2mdn.net/simgad/ Frame 1033 98 KB
99 KB 61ms
9ms Image
image/jpeg 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/4056690041068534003

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

15ffcaba4bf6292d6fee45f1bf4a1dec2861486047013f479e905006acab6992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 14:54:48 GMT
x-content-type-options: nosniff
age: 381265
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100743
x-xss-protection: 0
last-modified: Mon, 16 Aug 2021 07:45:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 12 Oct 2022 14:54:48 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 33ms
24ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sun, 17 Oct 2021 00:49:13 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A8BC 22 KB
8 KB 24ms
8ms Document
text/html 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 14 Oct 2021 07:15:05 GMT
expires: Fri, 14 Oct 2022 07:15:05 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 236048
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame ABC1 1 KB
749 B 21ms
7ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 16 Oct 2021 21:06:15 GMT
expires: Sun, 17 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 13378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1033 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f0285c36c9607a8293ab66e62b9b5207d3f2f954e96756ae888f3784d537935

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 27F0 12 KB
5 KB 7ms
7ms Document
text/html 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Sat, 16 Oct 2021 21:22:52 GMT
expires: Sun, 16 Oct 2022 21:22:52 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 12381
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3CE6 783 B
535 B 33ms
16ms Document
text/html 172.217.23.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f4.1e100.net

Software

GSE /

Resource Hash

543ca4ac0d14531b1ad4779a6338f0f4c60899e75f0c85c811cab2db7269245a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-DtmWZuV2uV0ePjKoyxOWLw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Sun, 17 Oct 2021 00:49:13 GMT
date: Sun, 17 Oct 2021 00:49:13 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-DtmWZuV2uV0ePjKoyxOWLw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET /
google2waycm.netmng.com/cm/ Frame ABC1 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ABC1
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEPBrWneoZhVTuinHkPI5MEM&google_cver=1&google_push=AYg5qPKfMCEemyRgey3uCP6kiCBmFS0xpO4BHJXtx5FpUED8qM-ROpq5_WdLABl7Z-grFsGsU7wJ8vKiq7dMYvNZUha6SDlQkQ4
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MUEwNERFNEVFRkQ3MTM2RA==

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MUEwNERFNEVFRkQ3MTM2RA==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=MUEwNERFNEVFRkQ3MTM2RA==
date: Sun, 17 Oct 2021 00:49:13 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ABC1
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEICCi5DhzMCTbfuf9UVpUGE&google_cver=1&google_push=AYg5qPLXukEW6xn7OiydcpToJsM0yzgPNFpMHtfTqnKf7t-FVpmivy8n5Crxy56c1Nhis7wkGVFUJdy7wJDQNASbvunvz3n...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEICCi5DhzMCTbfuf9UVpUGE&google_cver=1&google_push=AYg5qPLXukEW6xn7OiydcpToJsM0yzgPNFpMHtfTqnKf7t-FVpmivy8n5Crxy56c1Nhis7wkGVFUJdy7wJDQNASbvunvz...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLXukEW6xn7OiydcpToJsM0yzgPNFpMHtfTqnKf7t-FVpmivy8n5Crxy56c1Nhis7wkGVFUJdy7wJDQNASbvunvz3nzFtM

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLXukEW6xn7OiydcpToJsM0yzgPNFpMHtfTqnKf7t-FVpmivy8n5Crxy56c1Nhis7wkGVFUJdy7wJDQNASbvunvz3nzFtM

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLXukEW6xn7OiydcpToJsM0yzgPNFpMHtfTqnKf7t-FVpmivy8n5Crxy56c1Nhis7wkGVFUJdy7wJDQNASbvunvz3nzFtM
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ABC1
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESENw1gxv9ZslXuRnUsq9AYDI&google_cver=1&google_push=AYg5qPIw_H8gq9UxjTKtxn9doOdkp_-2tXtlIHlVy8OgW9OWnzsl2kFnokTgpjj5Jonqbm4RWxA5QLHc75jOIoDW...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIw_H8gq9UxjTKtxn9doOdkp_-2tXtlIHlVy8OgW9OWnzsl2kFnokTgpjj5Jonqbm4RWxA5QLHc75jOIoDWABqJHu5Hf80

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIw_H8gq9UxjTKtxn9doOdkp_-2tXtlIHlVy8OgW9OWnzsl2kFnokTgpjj5Jonqbm4RWxA5QLHc75jOIoDWABqJHu5Hf80

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 17 Oct 2021 00:49:13 GMT
via: 1.1 eb83e7e264681d87a86c9b6a2159e502.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA2-C1
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=AYg5qPIw_H8gq9UxjTKtxn9doOdkp_-2tXtlIHlVy8OgW9OWnzsl2kFnokTgpjj5Jonqbm4RWxA5QLHc75jOIoDWABqJHu5Hf80
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: 0x93110EeCSU4V_D2qSKseJ1OcIf2FQVfHwpqWXlTR2Ri_Tm_XIbRg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ABC1
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESECbnNLDAUwnWIgbsNpAJkk8&google_cver=1&google_push=AYg5qPJL1Dk8DTqcA6OvxvmoLzrp7SEOqVdcxbG5ID2VIx09wJ48DzH2rY2At-zZ5Xnn-cziMjtjbWhZ0HZes3p6CgL8eWhCagk
https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjc3NDMzMzUzOTMwNjk1MDAwMFYxMA%3d%3d&mn_hm=Mjc3NDMzMzUzOTMwNjk1MDAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJL1Dk8DTqcA6OvxvmoLzrp7SE...

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjc3NDMzMzUzOTMwNjk1MDAwMFYxMA%3d%3d&mn_hm=Mjc3NDMzMzUzOTMwNjk1MDAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJL1Dk8DTqcA6OvxvmoLzrp7SEOqVdcxbG5ID2VIx09wJ48DzH2rY2At-zZ5Xnn-cziMjtjbWhZ0HZes3p6CgL8eWhCagk&gdpr=&gdpr_consent=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:13 GMT
Server: Apache
P3P: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location: https://cm.g.doubleclick.net/pixel?google_nid=media&google_hm=Mjc3NDMzMzUzOTMwNjk1MDAwMFYxMA%3d%3d&mn_hm=Mjc3NDMzMzUzOTMwNjk1MDAwMFYxMA%3d%3d&google_sc=1&google_push=AYg5qPJL1Dk8DTqcA6OvxvmoLzrp7SEOqVdcxbG5ID2VIx09wJ48DzH2rY2At-zZ5Xnn-cziMjtjbWhZ0HZes3p6CgL8eWhCagk&gdpr=&gdpr_consent=
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html
Content-Length: 154
X-MNET-HL2: E
Expires: Sun, 17 Oct 2021 00:49:13 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ABC1
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEPkVHNedOcQT4Qac1D2BfME&google_cver=1&google_push=AYg5qPLdFCuFF_jh4Znd1FHinbPJ721AVdwBn43uvSkxES8hUL-kVhrXHfVWRWuUs8TEZz2VQjpkCA...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPLdFCuFF_jh4Znd1FHinbPJ721AVdwBn43uvSkxES8hUL-kVhrXHfVWRWuUs8TEZz2VQjpkCAdNvnm4ou2Nvir213X1rws&google_hm=MzMyNTc2MjM...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPLdFCuFF_jh4Znd1FHinbPJ721AVdwBn43uvSkxES8hUL-kVhrXHfVWRWuUs8TEZz2VQjpkCAdNvnm4ou2Nvir213X1rws&google_hm=MzMyNTc2MjM4MjA2NTg2NTE0OQ%3D%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPLdFCuFF_jh4Znd1FHinbPJ721AVdwBn43uvSkxES8hUL-kVhrXHfVWRWuUs8TEZz2VQjpkCAdNvnm4ou2Nvir213X1rws&google_hm=MzMyNTc2MjM4MjA2NTg2NTE0OQ%3D%3D
date: Sun, 17 Oct 2021 00:49:13 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame ABC1
Redirect Chain

https://google.ops.beeline.ru/p?ssp=gl&google_gid=CAESEHevdxufHfwnhSQQfffmaWk&google_cver=1&google_push=AYg5qPJeyHve4HqdgZUfr19FagOOiILzAiyPK49nZV0pD4Tg9Y_e-Il01EEuk4glTO4ZBhEcL6nAd2eAA-pwozUtbK65R...
https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=YmY0ZTNkNGItZjZiMC00NWJkLTk0NmMtZWQ0N2Y5OGIwNjA4&google_push=AYg5qPJeyHve4HqdgZUfr19FagOOiILzAiyPK49nZV0pD4Tg9Y_e-Il01EEuk4glT...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=YmY0ZTNkNGItZjZiMC00NWJkLTk0NmMtZWQ0N2Y5OGIwNjA4&google_push=AYg5qPJeyHve4HqdgZUfr19FagOOiILzAiyPK49nZV0pD4Tg9Y_e-Il01EEuk4glTO4ZBhEcL6nAd2eAA-pwozUtbK65Ri6QZQDP

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 17 Oct 2021 00:49:13 GMT
x-route: http://upstream_cookiesync
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=vimpelcom_pjsc&google_hm=YmY0ZTNkNGItZjZiMC00NWJkLTk0NmMtZWQ0N2Y5OGIwNjA4&google_push=AYg5qPJeyHve4HqdgZUfr19FagOOiILzAiyPK49nZV0pD4Tg9Y_e-Il01EEuk4glTO4ZBhEcL6nAd2eAA-pwozUtbK65Ri6QZQDP
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, GET, HEAD, POST, OPTIONS, PUT, DELETE
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true, true
x-host: 192.168.152.32
access-control-allow-headers: authorization, Content-Type, Authorization, Origin, X-Requested-With, Accept, Key, Accept-Encoding, DNT
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame ABC1 0
12 B 22ms
21ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KzJDTpe7y3FoED14R6L-Y5uyUZXiLxl6c5Xb3sLfSH6RIKwY43UDJtuLY2xk6dLJ3dvHJwgA

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame A8BC 35 KB
13 KB 7ms
7ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 21:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12915
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 16 Oct 2022 21:13:58 GMT

GET
H3 200 YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js Show response
pagead2.googlesyndication.com/bg/ Frame 27F0 35 KB
13 KB 7ms
6ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/YBeW4A8KRQKaUXRhZhiUEBaonRmLgznW2QKT5Kp-z2M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 21:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12915
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13430
x-xss-protection: 0
last-modified: Mon, 11 Oct 2021 11:08:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="botguard-scs"
expires: Sun, 16 Oct 2022 21:13:58 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3CE6 0
0 23ms
23ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gpt_2021101201&jk=1004424079087782&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 container.html Show response
65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 62E6 6 KB
3 KB 7ms
6ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 17 Oct 2021 00:49:12 GMT
expires: Mon, 17 Oct 2022 00:49:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 898F 6 KB
3 KB 7ms
6ms Document
text/html 142.250.185.193
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/freestar/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.193 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sun, 17 Oct 2021 00:49:12 GMT
expires: Mon, 17 Oct 2022 00:49:12 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 fslogo-green.svg
a.pub.network/core/imgs/ 1 KB
1023 B 37ms
37ms Image
image/svg+xml 104.26.1.139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.pub.network/core/imgs/fslogo-green.svg
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.engine.4.23.1.535fe0f4586de520edb0ca93a1249020044721f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.1.139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=Jh+rSg==, md5=Mm1svZd2V+EgW9YW0fL6yg==
date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-guploader-uploadid: ADPycduwCORgR8e52aN5YYaGi6b8pKwif9p3wNyW9k13ZvWGZeKtYy-Aso57GRTga79RGpmSATD7oWGRVGynJ7glOQs
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-type: image/svg+xml
last-modified: Tue, 08 Sep 2020 17:04:37 GMT
server: cloudflare
etag: W/"326d6cbd977657e1205bd616d1f2faca"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZKMtypEM1bQ5fPGuYYuvOpbQST7nzJsgMI9QWFyZt5dxsZheYv4nueb4NQbNhgZIwzl3ek5C6rKzku%2BsrahveZivtSLhM6BnxJqk48cn6yg6MQ7fzKPvPJp8b%2BwR5s%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1599584677716817
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=3600
x-goog-stored-content-length: 1193
cf-ray: 69f5869c6945278c-PRG
expires: Sun, 17 Oct 2021 01:33:52 GMT

GET
H3 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 62E6 32 KB
13 KB 10ms
9ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

f6bde1ecec9ad90f8c99ba8e179e083ac62f64679c264a9b10a71fe52c7289e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:43:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 369
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12898
x-xss-protection: 0
server: cafe
etag: 10770391770327730900
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:43:04 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 62E6 22 KB
7 KB 11ms
10ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 22:52:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7026
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 16 Oct 2022 22:52:07 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/ Frame 62E6 18 KB
8 KB 9ms
9ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/abg_lite_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:24:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:24:57 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 62E6 3 KB
1 KB 7ms
6ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/window_focus_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 919
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:33:54 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 62E6 123 KB
37 KB 30ms
30ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37919
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125446224599"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 17 Oct 2021 00:49:13 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 62E6 14 KB
6 KB 10ms
10ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:32:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1027
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:32:06 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 898F 2 KB
912 B 10ms
10ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:44:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 297
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 885
x-xss-protection: 0
server: cafe
etag: 638833322182864030
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:44:16 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 898F 0
0 51ms
51ms Fetch
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Clg8VCXNrYYzREM2grASIvoXIDbiP5cRl-_GNnL4O2dkeEAEg2tfFOWDJBqABt7a70QPIAQbgAgCoAwHIA5sEqgT6AU_Q0cW1etRS7e6C_6nlxG3wOlFmGSOH7ho_pf3AyVKVnPeM_dHrdNEQUkco3uu2bJ_4bgb0AZTYNUmjWQ1rau5SbdH0m_MLP_7rHwukI6Eqe09AFaruMobrtaptp4uPXGWvM7NwSGQ-g1bsfQmnX3rWcEXWBDaJ_cz4Xu9aEpxABram5dFMRM3NLNeY89BgKEtF5h7Fb7q2JE-YA_-3qoT0bvXgNedwIghzkEiiOQcD5IlZQuVoYCUGIud66R28xmBIy-oisOTfT76Vlmo8Spq0i0FLNs3T1ZVC3DH3oCFiF9g9h1CdRoXRo66fnUD03IgDgeAfyb4jBiTABNSCkf7sA-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAexycQuqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAfVyRuoB6a-G9gHAfIHBBDugBnSCAcIgGEQARgdgAoDyAsB2BMN0BUBgBcBshceChwIABIUcHViLTM2MDUyNTczNjA4NTMxODUYusgX&sigh=iEDGioOrZzw&uach_m=[UACH]&template_id=492
Requested by: Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f130.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/ Frame 898F 18 KB
8 KB 10ms
10ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/abg_lite_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:24:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1456
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7691
x-xss-protection: 0
server: cafe
etag: 14402072889669646931
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:24:57 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 898F 3 KB
1 KB 10ms
10ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/window_focus_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:33:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 919
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1426
x-xss-protection: 0
server: cafe
etag: 18061233391346882222
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:33:54 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 898F 123 KB
37 KB 36ms
35ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37919
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1634125446224599"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 17 Oct 2021 00:49:13 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/ Frame 898F 14 KB
6 KB 9ms
9ms Script
text/javascript 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211013/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

cafe /

Resource Hash

f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:32:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1027
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6281
x-xss-protection: 0
server: cafe
etag: 18349783599053866072
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 31 Oct 2021 00:32:06 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 898F 0
0 16ms
15ms Image
text/html 172.217.23.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSX312icsmCUfqgaz3x0dUgv5yIgLoZ_JgMMDZ4w5Rau3WVMTRa34Xz__Vg7o_8Hr7ygyQgCMnRPi9mHQbA-Smtg7mHmA
Requested by: Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.23.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: mil04s23-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 94b9e9edb15b7c220f12fa63d878a5af.js Show response
www.gstatic.com/mysidia/ Frame 898F 27 KB
12 KB 32ms
7ms Script
text/javascript 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/94b9e9edb15b7c220f12fa63d878a5af.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

3d1246d2fe982f57c0a911530b2fa93a679e42c0d897151f39cffa4762c55f5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 16 Oct 2021 19:22:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 19576
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11213
x-xss-protection: 0
last-modified: Tue, 12 Oct 2021 03:34:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="mysidia"
expires: Fri, 14 Jan 2022 19:22:57 GMT

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/16969492321287790970/ Frame 898F 36 KB
36 KB 8ms
8ms Image
image/jpeg 142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16969492321287790970/downsize_200k_v1?w=600&h=314

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

1975f244719819d2705695a678f430e12b40a406cbcabd762368a98aa56615ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 10 Oct 2021 22:54:59 GMT
x-content-type-options: nosniff
age: 525254
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36804
x-xss-protection: 0
last-modified: Fri, 03 Sep 2021 00:45:23 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 10 Oct 2022 22:54:59 GMT

GET
DATA 200
OK truncated
/ Frame 898F 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ce5ab0260a7860ea167511114f1b2a1a8c5dff2b1a3885e2c2e70fb54c4e7a9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 c Show response
c.pub.network/ 36 B
98 B 113ms
113ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.22.4.535fe0f4586de520edb0ca93a1249020044721f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: cd5da7545ecdc273ff0310060da81e975f110e3083da7773500a593da4f01563

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H2 200 HbzV6VcO2VtEzOmEb0g4-g9hhLjKRD-hEz6ujUIIn5N5CO0fll9TA5NwY65mb7d6xuDxc9kAwqGKa2eWlVwXjud940w0QWmD7XPYJ-OzA_v2om2wx3AaWLRe3X4nuS0K8B4g5yHHvGHwBfOTd0deb8QqHuv7LJ01jDF7dZWHYQ1_GFmT=w1200-h627-rp-pd
lh6.googleusercontent.com/proxy/ Frame 62E6 266 KB
267 KB 77ms
28ms Image
image/png 142.250.185.65
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/proxy/HbzV6VcO2VtEzOmEb0g4-g9hhLjKRD-hEz6ujUIIn5N5CO0fll9TA5NwY65mb7d6xuDxc9kAwqGKa2eWlVwXjud940w0QWmD7XPYJ-OzA_v2om2wx3AaWLRe3X4nuS0K8B4g5yHHvGHwBfOTd0deb8QqHuv7LJ01jDF7dZWHYQ1_GFmT=w1200-h627-rp-pd

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f1.1e100.net

Software

fife /

Resource Hash

8e42d6e5244e53b8bb26ce7c431b110ea07a3adaf49f5cf9c06deb3935b544ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:13 GMT
x-content-type-options: nosniff
server: fife
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272758
x-xss-protection: 0
expires: Mon, 18 Oct 2021 00:49:13 GMT

GET
H3

200

9288950999397694842
tpc.googlesyndication.com/simgad/ Frame 62E6
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKCnn8WMZhCwCRiwCTII4jBbAU9Ixm8
https://tpc.googlesyndication.com/simgad/9288950999397694842

83 KB
83 KB

8ms
8ms

Image
image/png

142.250.185.97
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9288950999397694842

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f1.1e100.net

Software

sffe /

Resource Hash

a096b9f9a7b79e0bcda28f9c7a443c211242d9613b77fea6222acf440d9f6ddb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 12 Oct 2021 04:11:49 GMT
x-content-type-options: nosniff
age: 419844
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85380
x-xss-protection: 0
last-modified: Tue, 04 Feb 2020 10:05:52 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Oct 2022 04:11:49 GMT

Redirect headers

timing-allow-origin: *
date: Sat, 16 Oct 2021 04:47:18 GMT
x-content-type-options: nosniff
server: cafe
age: 72115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/9288950999397694842
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 15 Nov 2021 04:47:18 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 62E6 0
0 50ms
49ms Fetch
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cp9QZCXNrYYvREM2grASIvoXIDdyrustlt-aakrUOgajF2pcOEAEg2tfFOWDJBqABh9-R7APIAQbgAgCoAwHIA5sEqgT7AU_Q-_mbhr-8H-ReoHOAq6TiOBbYtXD3GDT6JeV9lY66lDsjo56-MFVCukqqnHCXXRqx3VMKxCEBAiwvo6HA657HtcmdMSLmx6gKNowEXWeGDRRnkLzp2qQe6qaYKe19ay1has07HM8cMNm-juaWxL2RYscebM6bFMmgKRbEofJ4_YW2Uy57bOLMxmzbHUq15ffJ4XZzYKtlhWIPZuQ0Eakix6y7-a-n105v_mCm_e2uhtx8G5xnIvAKVx3Fqctd_lYFDjXCuNQEykacQE-F9Y50o-hlZWsx-nn23POXxSJKT5_0Z8fONRAw9G1Hhe08erZHwblOeBHUX_AQwATOxr7QzQPgBAGSBQQIBBgBkgUECAUYBKAGN4AH24TTJagH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4b2AcB8gcEEJnJMdIIBwiAYRABGB2ACgPICwHYEw2IFAHQFQGAFwGyFx4KHAgAEhRwdWItMzYwNTI1NzM2MDg1MzE4NRi6yBc&sigh=yztfx7yuLmU&uach_m=[UACH]&template_id=493
Requested by: Host: anotepad.com
URL: https://anotepad.com/notes/exc8ajpf
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s21-in-f130.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3

200

B25087192.312291018;dc_pre=CIKH5OCc0PMCFYDnuwgd3VkOIg;dc_trk_aid=483801149;dc_trk_cid=142916956;ord=3953981921;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd= Show response
ad.doubleclick.net/ddm/trackimp/N128002.134426GOOGLEDISPLAYNETWO/ Frame 62E6
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N128002.134426GOOGLEDISPLAYNETWO/B25087192.312291018;dc_trk_aid=483801149;dc_trk_cid=142916956;ord=3953981921;dc_lat=;dc_rdid=;tag_for_child_directed_treatme...
https://ad.doubleclick.net/ddm/trackimp/N128002.134426GOOGLEDISPLAYNETWO/B25087192.312291018;dc_pre=CIKH5OCc0PMCFYDnuwgd3VkOIg;dc_trk_aid=483801149;dc_trk_cid=142916956;ord=3953981921;dc_lat=;dc_rd...

42 B
63 B

28ms
28ms

Fetch
image/gif

142.250.184.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/trackimp/N128002.134426GOOGLEDISPLAYNETWO/B25087192.312291018;dc_pre=CIKH5OCc0PMCFYDnuwgd3VkOIg;dc_trk_aid=483801149;dc_trk_cid=142916956;ord=3953981921;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N128002.134426GOOGLEDISPLAYNETWO/B25087192.312291018;dc_pre=CIKH5OCc0PMCFYDnuwgd3VkOIg;dc_trk_aid=483801149;dc_trk_cid=142916956;ord=3953981921;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=;gdpr_consent=;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2429 143 B
253 B 21ms
7ms Document
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUkSCmQsdPFQ31v_wAPHeFq63RSE0BqeaATgA2xD4JXvUPjwn-GqDOeNqq0Yu5I
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 17 Oct 2021 00:00:15 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2938
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DA3A 1 KB
749 B 6ms
6ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 16 Oct 2021 21:06:15 GMT
expires: Sun, 17 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 13378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 62E6 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40e0c6c7cca7134b3790a2684efaa91006a2759e7208e9c54957f5d88e52e6a7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 660D 1 KB
749 B 7ms
6ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 16 Oct 2021 21:06:15 GMT
expires: Sun, 17 Oct 2021 21:06:15 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 13378
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 898F 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 420587b0545b37a2595ee8246d138c2c15df98192d0bc33badaafb502f52e25e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame DA3A 35 B
362 B 16ms
9ms Image
image/gif 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEK3n5pyFAwp6O8NtckOnc44&google_cver=1&google_push=AYg5qPKVLVCMWLH1CVWcOms8NVaPcVrORc-incRYZooDD19XbhdX05o_WVC0ITrD79hbYgmtociACAIhtiX0nPYW18llwMx3EFU

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA3A
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEL7yR58HiK37_HXtBfUCMvo&google_cver=1&google_push=AYg5qPL-WwHYxGf_kLfH2At6_Ec0ZSSNtkcUpxOhKsVNoK6SXQxOl2zmxY2W2jVlCp4795PqT3dFvf0kohpwZvCl2JAWuUNsAQbN
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E7656671465E4441B1F9C307A395EA23&google_push=AYg5qPL-WwHYxGf_kLfH2At6_Ec0ZSSNtkcUpxOhKsVNoK6SXQxOl2zmxY2W2jVlCp4795PqT3dFvf0kohpwZvC...

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E7656671465E4441B1F9C307A395EA23&google_push=AYg5qPL-WwHYxGf_kLfH2At6_Ec0ZSSNtkcUpxOhKsVNoK6SXQxOl2zmxY2W2jVlCp4795PqT3dFvf0kohpwZvCl2JAWuUNsAQbN

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 17 Oct 2021 00:49:14 GMT
x-content-type-options: nosniff
server: openresty
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E7656671465E4441B1F9C307A395EA23&google_push=AYg5qPL-WwHYxGf_kLfH2At6_Ec0ZSSNtkcUpxOhKsVNoK6SXQxOl2zmxY2W2jVlCp4795PqT3dFvf0kohpwZvCl2JAWuUNsAQbN
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sat, 16 Oct 2021 00:49:14 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA3A
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESENRK8X7OcQDwlgnpOokpAoI&google_cver=1&google_push=AYg5qPJciRyAn1YDlpASeeMxANF9De7QqrZGh0_b_kwVfh6KhKUPDiTfCoD5WZLlGBkxquwwkpkdwEhcqP1C7zdn-V88BYEwRJRA
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJciRyAn1YDlpASeeMxANF9De7QqrZGh0_b_kwVfh6KhKUPDiTfCoD5WZLlGBkxquwwkpkdwEhcqP1C7zdn-V88BYEwRJRA&google_hm=_iXwH1cHwMUhIdw5EFkA-Q==

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJciRyAn1YDlpASeeMxANF9De7QqrZGh0_b_kwVfh6KhKUPDiTfCoD5WZLlGBkxquwwkpkdwEhcqP1C7zdn-V88BYEwRJRA&google_hm=_iXwH1cHwMUhIdw5EFkA-Q==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:13 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJciRyAn1YDlpASeeMxANF9De7QqrZGh0_b_kwVfh6KhKUPDiTfCoD5WZLlGBkxquwwkpkdwEhcqP1C7zdn-V88BYEwRJRA&google_hm=_iXwH1cHwMUhIdw5EFkA-Q==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: ripfosdvkc6env1ab9km6294jpir2h3d

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA3A
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIHd0C-oCqxIW1a7ez2F3P6oa0M1qZI5VM9596sjYqU93eQ0Mrtvt7zJRKN2aVk4yJI1zljDfemJF-1ZDgQKJFdeOdrOAWp

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPIHd0C-oCqxIW1a7ez2F3P6oa0M1qZI5VM9596sjYqU93eQ0Mrtvt7zJRKN2aVk4yJI1zljDfemJF-1ZDgQKJFdeOdrOAWp
date: Sun, 17 Oct 2021 00:49:13 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame DA3A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2...

0
0

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame DA3A 0
44 B 846ms
277ms Image
text/plain 3.115.67.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEGoYWqIr2mcTkHxij8Xq-Hc&google_cver=1&google_push=AYg5qPK_d-oF3L-_Yokzg9vMRyRSEx689C-vuc1_az499yqEY3IfOlCQ3TEuhZ2A6YyFQYZes3qhxXaN5dv9LxxHH1FtcwFczKo
Requested by: Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.115.67.144 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-115-67-144.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:14 GMT
server: awselb/2.0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA3A
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBkuaDKgiQROgAOPdWgxRJU&google_cver=1&google_push=AYg5qPIDnixax6-1XlgVHOZjWpkxbhaiU8UA_nKmx0y1cyYKeHujV40XQBIpu7qFpBz9pDRncM...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEBkuaDKgiQROgAOPdWgxRJU&google_cver=1&google_push=AYg5qPIDnixax6-1XlgVHOZjWpkxbhaiU8UA_nKmx0y1cyYKeHujV40XQBIpu7qFpBz9pDRncM...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SRm9HUFc5RTJ1RXVRNU0xeDhXaERlY0ZJZ1I4Z1g5RH5B&google_push=AYg5qPIDnixax6-1XlgVHOZjWpkxbhaiU8UA_nKmx0y1cyYKeHujV40XQ...

170 B
188 B

23ms
22ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SRm9HUFc5RTJ1RXVRNU0xeDhXaERlY0ZJZ1I4Z1g5RH5B&google_push=AYg5qPIDnixax6-1XlgVHOZjWpkxbhaiU8UA_nKmx0y1cyYKeHujV40XQBIpu7qFpBz9pDRncM1Lh9SPRbAK6Y-lL6VL3yYLsVTVfw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 17 Oct 2021 00:49:14 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1SRm9HUFc5RTJ1RXVRNU0xeDhXaERlY0ZJZ1I4Z1g5RH5B&google_push=AYg5qPIDnixax6-1XlgVHOZjWpkxbhaiU8UA_nKmx0y1cyYKeHujV40XQBIpu7qFpBz9pDRncM1Lh9SPRbAK6Y-lL6VL3yYLsVTVfw
Connection: keep-alive
Content-Length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DA3A 0
12 B 34ms
33ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J3JAHjParpG8yWlAkpw7nL-8fZZ5lQR2EMHr4OuzhC6ml-J-r0KIiG6-AWNLMlcD16LyrRCw

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 dpixel
cms.quantserve.com/ Frame 660D 35 B
362 B 9ms
8ms Image
image/gif 91.228.74.226
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEK3n5pyFAwp6O8NtckOnc44&google_cver=1&google_push=AYg5qPKnW0stnDWIWLwPBHZY19FDxQDrPKHNFlVBjormZaqxMXFRpxLijbzwT60XbRl4G7DxjDoG1WbaddhH0srD0vUfcQxOvn8

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.228.74.226 , United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 660D
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEI2-sQN04F8ZrJ2zKvFhkEo&google_cver=1&google_push=AYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ&re...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEI2-sQN04F8ZrJ2zKvFhkEo&google_cver=1&google_push=AYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ&...

43 B
415 B

193ms
183ms

Image
image/gif

104.18.12.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEI2-sQN04F8ZrJ2zKvFhkEo&google_cver=1&google_push=AYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.12.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 69f586a08ef14120-PRG
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 2196
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 69f5869f1e334120-PRG
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEI2-sQN04F8ZrJ2zKvFhkEo&google_cver=1&google_push=AYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLPsBd7KQuvV7ubzkENGnU9zbLR_awdFqe04aM4bleF16KnHUpxbxWCYwUbk7l4B00nXJa4Y6mlmr7DbMukr5S0wSoCzQ%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 660D
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESENRK8X7OcQDwlgnpOokpAoI&google_cver=1&google_push=AYg5qPLiZ53sTRYxlRYiQUxsle1FEdjizvM4ss0VQZ02lBSf9VvJpzly4EWqStxTwoEDsIWeT_4G0kOvrSiDbKRfl2PLeC3sfRM
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLiZ53sTRYxlRYiQUxsle1FEdjizvM4ss0VQZ02lBSf9VvJpzly4EWqStxTwoEDsIWeT_4G0kOvrSiDbKRfl2PLeC3sfRM&google_hm=_iXwH1cHwMUhIdw5EFkA-Q==

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLiZ53sTRYxlRYiQUxsle1FEdjizvM4ss0VQZ02lBSf9VvJpzly4EWqStxTwoEDsIWeT_4G0kOvrSiDbKRfl2PLeC3sfRM&google_hm=_iXwH1cHwMUhIdw5EFkA-Q==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPLiZ53sTRYxlRYiQUxsle1FEdjizvM4ss0VQZ02lBSf9VvJpzly4EWqStxTwoEDsIWeT_4G0kOvrSiDbKRfl2PLeC3sfRM&google_hm=_iXwH1cHwMUhIdw5EFkA-Q==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: i459tba9repsfhcl3q4k8bcmr7kf7ra3

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 660D
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEODKdEodJUmiAxb-SVY-kEY&google_cver=1&google_push=AYg5qPLiuuu9x2kRP29B1__6QBdUM051AYprMssW9R5JHNiynLicFvDb5nHSKzPhhB5a_t0VS4NysHbSLFaBw...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEODKdEodJUmiAxb-SVY-kEY&google_push=AYg5qPLiuuu9x2kRP29B1__6QBdUM051AYprMssW9R5JHNiynLicFvDb5nHSKzPhhB5a_t0VS4NysHbSLFaBw...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPLiuuu9x2kRP29B1__6QBdUM051AYprMssW9R5JHNiynLicFvDb5nHSKzPhhB5a_t0VS4NysHbSLFaBwRqe_WrMV1kqcg&google_hm=czNrOTJTdlNhUjZObFd3S3...

170 B
188 B

23ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPLiuuu9x2kRP29B1__6QBdUM051AYprMssW9R5JHNiynLicFvDb5nHSKzPhhB5a_t0VS4NysHbSLFaBwRqe_WrMV1kqcg&google_hm=czNrOTJTdlNhUjZObFd3S3lvRTA=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:14 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPLiuuu9x2kRP29B1__6QBdUM051AYprMssW9R5JHNiynLicFvDb5nHSKzPhhB5a_t0VS4NysHbSLFaBwRqe_WrMV1kqcg&google_hm=czNrOTJTdlNhUjZObFd3S3lvRTA=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 234
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 660D
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKgjgNR9CjpXVKyRz_hs7KS5QZD1y7LM-ZKWknu74oR6tYWf8U4RWeOMFna0X13JZcn7UfvxdDk6ZRpxyk_sOilr3IxwQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKgjgNR9CjpXVKyRz_hs7KS5QZD1y7LM-ZKWknu74oR6tYWf8U4RWeOMFna0X13JZcn7UfvxdDk6ZRpxyk_sOilr3IxwQ
date: Sun, 17 Oct 2021 00:49:13 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 660D
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENZHXfxhF7dXUwzkRi7xgO0&google_cver=1&google_push=AYg5qPKfEpaYxpMFRd7bzhCcHveHvQ_6YSRTcIP3sdvKPG_RU0oMx8gstNd5YVb37kRj5zCDQg5d9V_xtchyK5yt3...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESENZHXfxhF7dXUwzkRi7xgO0&google_cver=1&google_push=AYg5qPKfEpaYxpMFRd7bzhCcHveHvQ_6YSRTcIP3sdvKPG_RU0oMx8gstNd5YVb37kRj5zCDQg5d9V_xtchyK5yt3...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKfEpaYxpMFRd7bzhCcHveHvQ_6YSRTcIP3sdvKPG_RU0oMx8gstNd5YVb37kRj5zCDQg5d9V_xtchyK5yt3cmawpMSwhA&google_hm=a9a1a55b7ecf9ca692c01f92

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKfEpaYxpMFRd7bzhCcHveHvQ_6YSRTcIP3sdvKPG_RU0oMx8gstNd5YVb37kRj5zCDQg5d9V_xtchyK5yt3cmawpMSwhA&google_hm=a9a1a55b7ecf9ca692c01f92

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sun, 17 Oct 2021 00:49:14 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AYg5qPKfEpaYxpMFRd7bzhCcHveHvQ_6YSRTcIP3sdvKPG_RU0oMx8gstNd5YVb37kRj5zCDQg5d9V_xtchyK5yt3cmawpMSwhA&google_hm=a9a1a55b7ecf9ca692c01f92
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 660D
Redirect Chain

https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEPK-gdpgFQ_RoMpkDFpnhFs&google_cver=1&google_push=AYg5qPLyDnzpZFvGo3Et18gsoZgdUptyGnvOQPz2QPrA9QESpA_IOJvEy7cpmFyfg_ZkwhCqFycDyQFyMI3e3Y-jx...
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=ZDVhMGNiZDUtZTkyZS00NmM2LWI5MDEtMDgyZDBiYmRhMDU5&google_push=AYg5qPLyDnzpZFvGo3Et18gsoZgdUptyGnvOQPz2QPrA9QESpA_IOJvEy7cpmFyf...

170 B
188 B

22ms
22ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=ZDVhMGNiZDUtZTkyZS00NmM2LWI5MDEtMDgyZDBiYmRhMDU5&google_push=AYg5qPLyDnzpZFvGo3Et18gsoZgdUptyGnvOQPz2QPrA9QESpA_IOJvEy7cpmFyfg_ZkwhCqFycDyQFyMI3e3Y-jxaf9QtGkBSN7

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=ZDVhMGNiZDUtZTkyZS00NmM2LWI5MDEtMDgyZDBiYmRhMDU5&google_push=AYg5qPLyDnzpZFvGo3Et18gsoZgdUptyGnvOQPz2QPrA9QESpA_IOJvEy7cpmFyfg_ZkwhCqFycDyQFyMI3e3Y-jxaf9QtGkBSN7
date: Sun, 17 Oct 2021 00:49:14 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 660D 0
12 B 27ms
26ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I-NB00a7tyU-yr8pcMrhAMs3muTrBABJeU6ftusTF15hosZSOboaHgK_8scpXyb-0bV8IELg

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:14 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2429
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

22ms
21ms

Document
text/html

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
URL: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUkSCmQsdPFQ31v_wAPHeFq63RSE0BqeaATgA2xD4JXvUPjwn-GqDOeNqq0Yu5I
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 17 Oct 2021 00:49:14 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 17-Oct-2021 01:49:14 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 17 Oct 2021 00:49:14 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 17 Oct 2021 00:49:14 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A8BC 0
20 B 43ms
43ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7D-BCHNrYdf4OIby3wPOkpvoDgAAAAA4AeAEAg&bg=!tbaltvLNAAao6lBpqOo7ACkAdvg8WlGNNSWU01nvBO7IdwQr4huYqZqW34kA2Ocb9rMUG2-mzNe4OQIAAAG3UgAAADRoAQeZAsmhnKoXeM0KB6VdXzrEVnDXhFmJpP3XIqLYlhB-g_Xb87JF_UjChsZw5-_uHJZJnUeVFfDxjcgxrHEgUMNO3NeAjWW6XLYRi7Vs4GVxDwKroeHQ6Lj9zzd5Y8OmGqSG92ZSQDhfO768VMZRTBB4KqNoZ8GGsTpYe_C7qM5w6y6t969YNph9d7Afv6OlDwUem0y_GTcXOenLLVtt2S3Rr-rdIldJNyyrwvCDNCAvnhgdlvcCzZ-v_scsg-RrVk_9FWo5e0jDitPGzlUadI-jkqOoaFLY3tUrwYvX0D1jwE65NqnYNNVBCurXQ5MRY6wTN97qBoB95G85D6XDKfwrXAdtL7Wx5W91rpTYtVO9ksYazYNCL1VW9nhaRlG-tHAlTHU9bLNMAXkRscZI961gcwfE6k-yyaoJDU8rThUoJJf8JcbvpddukdiobHqoug4IRWYQl-ITYpPPS1BRLfZ4lUN-sV-cOQk1AqLqCyFB6P9lBmz2cTrcG46vU1ck15zrC4OGJTKwjcG8gfMiN7nV0CQnzV0AnhK7BCKdLOV4VL00TJ4crAw-S9EewoRvZJ6jNErrBXBai2R1o3O-Z8PTu557LXHUmJdBZ8jxgOQYm0L6DeeNcR1jaATgWyefF8Id4tACmqRUkdWkfFvduRnJTnjHUaHr0kLllYwDO3yIbzc_7wOZTxy1ToEe1jEVY6B4wSzJx3t5eu1GpXGFuoesx0w9JJfZ_USoCZpcv-VtM4cHytlEX-lKXaIlV8HXRtOIPfqlhkojOef11XK7S8TbwVCdMuq2ELy7ve-EyH58BOSsqKUDZ-aLo_W_wAJps66arpKD2e8IQK8563OLkZ3kq_LZjH60X9vCpvdb7YniqWq3sfrpCUvR2GS1OAni2PYL5N4m62LBTiqNLgZifJKUQ0wo0owtYSGQ-NbQg8YyAhPrW-ifgEr9PeKIvw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
42ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021101201&jk=1004424079087782&bg=!8vGl8bXNAAao6lBpqOo7ACkAdvg8Whei34vaoVxCehuKawyORIQzp2x4xH_340-M-zwYAv9Npah1RwIAAAHrUgAAABBoAQeZAm8gx0VE6RWMOntqJ_3ORfQGw6ST4QJRGCpKTnAo0vUvLHQeowvyhs1ROjm0_I3bmRl-gTKHcv-_k6Qn-ZvYqtN0ROe7qZnIll8OmSC_yYb29NtjsqlVX1SmVT1VUOGID5luXe8rmF8btj_n3gplkYG1ut_vUzek1MQDo-d_SP2leg-p4pQVi_EChoVZ-dI4BSSua7UGjmoQf05wkUtCOqkWEIiLNQ8PumPTjyt7_2dzq3J1Uu3s_sCN7z_uw-aLO0kMuygimR2yprldqfikSFJuFlF3zIBX8HF65wCe-3TxBBEUV78nOzBZFSzxGIUJwDeZp3zc-491rjmMsaMzMsqnaTZnqOKJsJ7mdxVw5o_qHanUKJrDmlevDp9Xw8SE6_cdjVy5IhI3z9USzfi7DgouQXBSFYs2t37AsC06nwe3yB3oc-j5Rtq1D8lFq2qy_AFEq05gEydCL7h_cmltdctYniNWQ8_4n8ESB9amZYVMX4hbkDXI3m4n9z0_nnOfd1v__ePDuvb2AmTuzjkB89xF4yiYmEq-ueYC6s8IB1-N6voNV3csUGKYMwiGpL3wx9cYDSaWD4T4vaZKnCw38XZ7bXe8oCjF_yCjjTulP2-jAF2jcN-6vUnWlwxW7tQ7-3QW8LVcweScxS5swo86FwfyE9qqKnYsmw4MXiq6MnV7SrQqcvjNUpK1uUjtWAJxIaLV2F78WHWLbtcqkuEfsaclwuNZJd7FqlYRbfQ5VgYdK2kSrkqR4Esnuy6ku1DUgh5YyXpEm6fv_MZipB0i4OD9a7BAjkb21JFq01INdgVIYMnmaS_UptYNRLEoWdx2Sw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 c Show response
c.pub.network/ 36 B
98 B 117ms
116ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.22.4.535fe0f4586de520edb0ca93a1249020044721f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: cd5da7545ecdc273ff0310060da81e975f110e3083da7773500a593da4f01563

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 17 Oct 2021 00:49:14 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1033 42 B
64 B 37ms
22ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssVMDaH40uaY0HEwN_7y_P6p2olefLHX3VPlDVcZgAefd2Tphk19CMje5SA1FLttzI8bkJxQePeJ7Sn_OvlNKxrjyysTL4EnK5g7mwavsqU-xUIUTBrJt8mrk_iKOZs6TYGU0m6Yjx2PFrs4_pfZujoFfwk68OJxX6QbXVDhp3dgFboC0KfZ4hqLJ86s01Gdqk9DPaFJaF_e1hsgg&sai=AMfl-YR0Gki9uvRvAipJzrdJ28ormMptftl01Q3qG-LmDRM7BJVVUtbhjs5iidUEiq0xryqkm-_uptmiLqLOBcJ4Lbh70qjTmDTSR2cFYv0mwYiHvNmIuKF9YMYbYcg&sig=Cg0ArKJSzFLl9niKfiJbEAE&id=lidar2&mcvt=1000&p=0,0,90,970&asp=1110,315,1200,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211013&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1723632371&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634431753284&rpt=155&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:14 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 c Show response
c.pub.network/ 36 B
98 B 130ms
130ms XHR
text/plain 35.201.71.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.pub.network/c
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/pubfig/pubfig.messaging.2.22.4.535fe0f4586de520edb0ca93a1249020044721f7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.71.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.71.201.35.bc.googleusercontent.com
Software: /
Resource Hash: cd5da7545ecdc273ff0310060da81e975f110e3083da7773500a593da4f01563

Request headers

Referer: https://anotepad.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 17 Oct 2021 00:49:14 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://anotepad.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 36

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 62E6 42 B
64 B 21ms
21ms Fetch
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstUPqZnChYNmqncERdLlvMaSVpejpxUmghsvMDX9Q4vRcjz32kY0CjR3ZrEojciTx22bmCNPMnRzTM0ohkxzXfMvmRv55_8QNYJwDApEccTevKhl4Y&sai=AMfl-YRnXD-nY8isqqSN1UpF80LsMwtlUKB2V0pqb2ezS-drkulHi1a97TOYKaLS8n1d_eJOqI1MnI4HYRDpKAlK_uxOqAWh8nycBfx9O38rt2oOrsurR81gsWaTIBNh&sig=Cg0ArKJSzKMK1yogYtB0EAE&cid=CAASFeRo2Y2jsiDQRNH5BqLHatK4QDlL3w&id=lidar2&mcvt=1000&p=1,1,183,971&asp=260,316,442,1286&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211013&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=9&adk=610960399&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1634431753621&rpt=386&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 9290 38 KB
14 KB 39ms
7ms Document
text/html 2.18.233.180

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:07:52 GMT
etag: "13006b6-974e-5c4c7cb53d8cb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13946
content-type: text/html; charset=UTF-8
cache-control: public, max-age=50325
expires: Sun, 17 Oct 2021 14:48:03 GMT
date: Sun, 17 Oct 2021 00:49:18 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 5CCC 281 B
554 B 44ms
6ms Document
text/html 104.109.78.125

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://anotepad.com/
Accept-Encoding: gzip, deflate, br
Cookie: rsid=1|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVwnwYaQOmrhRqqbYb+IjI/LQRqus1OnYX6qF0anVSaRRFrEpFc6uQw19gMkasvdREJwzG6qEKdWU6r+VKDRWVv/VO/a+hEPPQ==; khaos=KUUIGR0U-26-FH9K; audit=1|naVuGyos1qrYQUabZYwirwPDp1MUg9c70YlWV8+OAWnu4zDRmdQdE8SFRDiejdK/4ICd6Q+AmJtaZo7MRB/uMtAPlTu0R9RN
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
ETag: "403b8-119-5cd3a8e7e6a80"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 17 Oct 2021 00:49:18 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame 03D3 1006 B
862 B 23ms
16ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: a9ec40d0e7cd6d34c30d396de287c04c42c0c2e7f72cb6d941b2ca664a367f38

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
cookie: i=f2df457a-5706-461c-9d83-5866a76709be|1634431751
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=f2df457a-5706-461c-9d83-5866a76709be|1634431751; Version=1; Expires=Mon, 17-Oct-2022 00:49:18 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1634431758|mOgeginskin0vNomiygu; Version=1; Expires=Mon, 01-Nov-2021 00:49:18 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.217.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sun, 17 Oct 2021 00:49:18 GMT
content-type: text/html
content-length: 543
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 9085 2 KB
1 KB 41ms
6ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://anotepad.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Sun, 17 Oct 2021 00:49:18 GMT
Connection: keep-alive

GET
H2 200 pd Show response
eu-u.openx.net/w/1.0/ Frame D696 1006 B
850 B 23ms
18ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: a9ec40d0e7cd6d34c30d396de287c04c42c0c2e7f72cb6d941b2ca664a367f38

Request headers

:method: GET
:authority: eu-u.openx.net
:scheme: https
:path: /w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
cookie: i=f2df457a-5706-461c-9d83-5866a76709be|1634431751
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

vary: Accept, Accept-Encoding
set-cookie: i=f2df457a-5706-461c-9d83-5866a76709be|1634431751; Version=1; Expires=Mon, 17-Oct-2022 00:49:18 GMT; Max-Age=31536000; Secure; Domain=.openx.net; Path=/; SameSite=None pd=v2|1634431758|mOgeginskin0vNomiygu; Version=1; Expires=Mon, 01-Nov-2021 00:49:18 GMT; Max-Age=1296000; Secure; Domain=.openx.net; Path=/; SameSite=None
server: OXGW/16.217.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Sun, 17 Oct 2021 00:49:18 GMT
content-type: text/html
content-length: 543
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 3264 2 KB
1 KB 39ms
9ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://anotepad.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1151
Date: Sun, 17 Oct 2021 00:49:18 GMT
Connection: keep-alive

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 4DE1 52 KB
17 KB 51ms
7ms Document
text/html 2.18.232.130

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 -, , ASN (),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://anotepad.com/
Accept-Encoding: gzip, deflate, br
Cookie: uuid2=8665457160990187816; icu=ChgIodc0EAoYAiACKAIwh-atiwY4AkACSAIQh-atiwYYAQ..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Mon, 18 Oct 2021 00:49:20 GMT
Date: Sun, 17 Oct 2021 00:49:18 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 29B1 0
0 377ms
112ms Document
text/plain 67.202.105.23

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=cNQLIgg3Or7iD1aKlKyvbs&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.23 -, , ASN (),
Reverse DNS
Software: 33XP002 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&ru=deb&id=cNQLIgg3Or7iD1aKlKyvbs&gdpr_consent=undefined&us_privacy=undefined
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

x-33x-status: 2000208
server: 33XP002
date: Sun, 17 Oct 2021 00:49:19 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 2472 52 KB
17 KB 48ms
7ms Document
text/html 2.18.232.130

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 -, , ASN (),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://anotepad.com/
Accept-Encoding: gzip, deflate, br
Cookie: uuid2=8665457160990187816; icu=ChgIodc0EAoYAiACKAIwh-atiwY4AkACSAIQh-atiwYYAQ..
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: text/html
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Mon, 18 Oct 2021 00:49:20 GMT
Date: Sun, 17 Oct 2021 00:49:18 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 iframe Show response
mantodea.mantisadnetwork.com/prebid/ Frame 7AC4 250 B
487 B 112ms
111ms Document
text/html 3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752041&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: df81f27eecd20dc520adc28394b76f0af92e595f2b0bf085abaeff111b48e84b

Request headers

:method: GET
:authority: mantodea.mantisadnetwork.com
:scheme: https
:path: /prebid/iframe?tz=0&buster=1634431752041&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
cookie: uuid=9a9f955e-cab9-4236-957b-8e19077c958e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

date: Sun, 17 Oct 2021 00:49:18 GMT
content-type: text/html; charset=utf-8
content-length: 250
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
etag: W/"fa-cNq81bdjYHNg1+/tWtLuNZ4Fatc"

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame A622 38 KB
14 KB 25ms
8ms Document
text/html 2.18.233.180

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/showad.js
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
cookie: KTPCACOOKIE=YES; KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:07:52 GMT
etag: "13006b6-974e-5c4c7cb53d8cb"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13946
content-type: text/html; charset=UTF-8
cache-control: public, max-age=50325
expires: Sun, 17 Oct 2021 14:48:03 GMT
date: Sun, 17 Oct 2021 00:49:18 GMT
vary: Accept-Encoding

GET
H2 200 iframe Show response
mantodea.mantisadnetwork.com/prebid/ Frame 6E53 250 B
487 B 111ms
111ms Document
text/html 3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752056&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Requested by: Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-4.42.6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: df81f27eecd20dc520adc28394b76f0af92e595f2b0bf085abaeff111b48e84b

Request headers

:method: GET
:authority: mantodea.mantisadnetwork.com
:scheme: https
:path: /prebid/iframe?tz=0&buster=1634431752056&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anotepad.com/
accept-encoding: gzip, deflate, br
cookie: uuid=9a9f955e-cab9-4236-957b-8e19077c958e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/

Response headers

date: Sun, 17 Oct 2021 00:49:18 GMT
content-type: text/html; charset=utf-8
content-length: 250
x-powered-by: Express
vary: Origin
access-control-allow-credentials: true
cache-control: private, no-cache, no-store, must-revalidate
pragma: no-cache
expires: -1
etag: W/"fa-cNq81bdjYHNg1+/tWtLuNZ4Fatc"

GET
H/1.1

200
OK

sync
x.bidswitch.net/
Redirect Chain

https://x.bidswitch.net/sync?ssp=themediagrid
https://x.bidswitch.net/ul_cb/sync?ssp=themediagrid
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=themediagrid
https://x.bidswitch.net/sync?dsp_id=188&user_id=pdtY4Ek0TGhl93v7Ko92otiDcg0&user_group=1&ssp=themediagrid

43 B
220 B

8ms
8ms

Image
image/gif

18.185.143.19

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=188&user_id=pdtY4Ek0TGhl93v7Ko92otiDcg0&user_group=1&ssp=themediagrid
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.143.19 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://anotepad.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/sync?dsp_id=188&user_id=pdtY4Ek0TGhl93v7Ko92otiDcg0&user_group=1&ssp=themediagrid
Date: Sun, 17 Oct 2021 00:49:19 GMT
Connection: keep-alive
Content-Length: 140
Content-Type: text/html; charset=utf-8

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 03D3
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BlpTcOZw1MBUmy5

43 B
106 B

18ms
18ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BlpTcOZw1MBUmy5
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:18 GMT
Server: PingMatch/v2.0.30-689-g30920c0#rel-ec2-master i-07db4e5334900ea3f@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BlpTcOZw1MBUmy5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 03D3
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://rtb.mfadsrvr.com/sync?ssp=bidswitch&bidswitch_ssp_id=openx&bsw_user_id=9f2649fa-7899-4ab1-920b-6faad94ce83f
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=openx&bsw_user_id=9f2649fa-7899-4ab1-920b-6faad94ce83f
https://x.bidswitch.net/sync?dsp_id=250&expires=14&user_id=b0ece90f-b6ed-4e01-97f4-19a77964392e&ssp=openx
https://us-u.openx.net/w/1.0/sd?id=537072968&val=9f2649fa-7899-4ab1-920b-6faad94ce83f

43 B
106 B

18ms
13ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=9f2649fa-7899-4ab1-920b-6faad94ce83f
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //us-u.openx.net/w/1.0/sd?id=537072968&val=9f2649fa-7899-4ab1-920b-6faad94ce83f
Date: Sun, 17 Oct 2021 00:49:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 03D3
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8665457160990187816

43 B
122 B

22ms
22ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8665457160990187816
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:18 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 42b1983f-290f-4bcb-b313-82f3a162a1cf
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8665457160990187816
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

redir
rtb-csync.smartadserver.com/ Frame 03D3
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFMWUJrN0MxdVlBQUJ6Ry1kZEQ1dw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AALYB07C1uYAABzG-ddD5w&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AALYB07C1uYAABzG-ddD5w&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AALYB07C1uYAABzG-ddD5w&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_part...

43 B
163 B

92ms
16ms

Image
image/gif

185.86.137.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.110 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 03D3
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6ef3616b-7308-4900-a7a1-df41050a2857

43 B
106 B

15ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6ef3616b-7308-4900-a7a1-df41050a2857
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sun, 17 Oct 2021 00:49:18 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x30 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6ef3616b-7308-4900-a7a1-df41050a2857
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 17 Oct 2021 00:49:17 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 03D3
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=CN87XQndPQcT3zUNB4sgDA_fbAwT2DpcCN_rC_bV

43 B
106 B

23ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=CN87XQndPQcT3zUNB4sgDA_fbAwT2DpcCN_rC_bV
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=CN87XQndPQcT3zUNB4sgDA_fbAwT2DpcCN_rC_bV
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame 03D3
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=964995397847548209

43 B
106 B

24ms
17ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=964995397847548209
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=964995397847548209
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame 03D3 70 B
264 B 32ms
30ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=21737a23-fe81-79eb-c755-908ec3403a43&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 03D3 170 B
188 B 26ms
25ms Image
image/png 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGQxY2E5ZTktMzdmNi0yNzRmLWQyYjUtY2EzNzA5YTJmNDIz

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 03D3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE2Ot87K4kuLYFIODz3q79I&google_cver=1

43 B
106 B

20ms
14ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE2Ot87K4kuLYFIODz3q79I&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE2Ot87K4kuLYFIODz3q79I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D696
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=OPENX&rurl=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537072979%26val%3D_wfivefivec_
https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BlpTcOZw1MBUmy5

43 B
106 B

16ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BlpTcOZw1MBUmy5
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:18 GMT
Server: PingMatch/v2.0.30-689-g30920c0#rel-ec2-master i-06de16c304b43890a@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072979&val=BlpTcOZw1MBUmy5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D696
Redirect Chain

https://x.bidswitch.net/sync?ssp=openx
https://cm.smadex.com/sync?sm_did=bds&bds_ssp_id=openx&bds_param=9f2649fa-7899-4ab1-920b-6faad94ce83f
https://x.bidswitch.net/sync?dsp_id=340&user_id=3a8b9544-e05f-4131-a6b8-d22eef0043af&expires=10&ssp=openx&bsw_param=9f2649fa-7899-4ab1-920b-6faad94ce83f
https://us-u.openx.net/w/1.0/sd?id=537072968&val=9f2649fa-7899-4ab1-920b-6faad94ce83f

43 B
106 B

43ms
43ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072968&val=9f2649fa-7899-4ab1-920b-6faad94ce83f
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location: //us-u.openx.net/w/1.0/sd?id=537072968&val=9f2649fa-7899-4ab1-920b-6faad94ce83f
Date: Sun, 17 Oct 2021 00:49:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D696
Redirect Chain

https://ib.adnxs.com/getuid?https://eu-u.openx.net/w/1.0/sd?id=537072399&val=$UID
https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8665457160990187816

43 B
106 B

16ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8665457160990187816
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:18 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 51a0f19e-554d-492f-be41-7cbdbefef9fd
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://eu-u.openx.net/w/1.0/sd?id=537072399&val=8665457160990187816
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

redir
rtb-csync.smartadserver.com/ Frame D696
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ox
https://match.prod.bidr.io/cookie-sync/ox?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFMWUJVN0MxdVlBQUJ6Ry1kZEQ1dw&bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&b...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pm%2Cpp%2Csas%2Cox&bee_sync_current_partner=adx&bee_sync_initiator=ox&bee_sync_hop_count=1
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AALYB07C1uYAABzG-ddD5w&r=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csas%2Cox&bee_sync_current_partner=pm&bee_sync_initiator=adx&bee_sync_hop_count=2
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AALYB07C1uYAABzG-ddD5w&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cox%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cox&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AALYB07C1uYAABzG-ddD5w&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_part...

43 B
163 B

93ms
16ms

Image
image/gif

185.86.137.110

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.110 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
transfer-encoding: chunked
content-type: image/gif

Redirect headers

location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dox%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4%26userid%3DSMART_USER_ID
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D696
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6ef3616b-7308-4900-a7a1-df41050a2857

43 B
106 B

16ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6ef3616b-7308-4900-a7a1-df41050a2857
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date: Sun, 17 Oct 2021 00:49:18 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x5 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://eu-u.openx.net/w/1.0/sd?id=536872786&val=6ef3616b-7308-4900-a7a1-df41050a2857
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 17 Oct 2021 00:49:17 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D696
Redirect Chain

https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=CN87XQndPQcT3zUNB4sgDA_fbAwT2DpcCN_rC_bV

43 B
106 B

15ms
15ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=CN87XQndPQcT3zUNB4sgDA_fbAwT2DpcCN_rC_bV
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=0&val=CN87XQndPQcT3zUNB4sgDA_fbAwT2DpcCN_rC_bV
pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

sd
eu-u.openx.net/w/1.0/ Frame D696
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=22
https://c1.adform.net/serving/cookie/match?CC=1&party=22
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5251699325527976924

43 B
106 B

23ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5251699325527976924
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: nginx
location: https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5251699325527976924
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 openx
match.adsrvr.org/track/cmf/ Frame D696 70 B
264 B 68ms
66ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/openx?oxid=21737a23-fe81-79eb-c755-908ec3403a43&gdpr=0
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame D696 170 B
188 B 27ms
25ms Image
image/png 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MGQxY2E5ZTktMzdmNi0yNzRmLWQyYjUtY2EzNzA5YTJmNDIz

Requested by

Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame D696
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE2Ot87K4kuLYFIODz3q79I&google_cver=1

43 B
106 B

16ms
16ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE2Ot87K4kuLYFIODz3q79I&google_cver=1
Requested by: Host: eu-u.openx.net
URL: https://eu-u.openx.net/w/1.0/pd?plm=10&ph=89b2e804-9392-4144-aae0-0555f3960da4&gdpr=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.217.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eu-u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: OXGW/16.217.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEE2Ot87K4kuLYFIODz3q79I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 9290 5 KB
6 KB 13ms
13ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=76192518&p=156696&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 250d253bc7274dc0cf6fab5cfb792ff150a8c95ebe3b7da7fa4ac03fda2b49e0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:18 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 457F 2 KB
3 KB 25ms
25ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d9eaadc40e16c4af57c957487408e1b12c752395671de3dfbefa8a0ce37eb987

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YWtzCu2Nagi4IazFOt3d-AAA; CMPS=5195; CMPRO=1124; CMST=YWtzCmFrcwoA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 45|39|230|241|31|195|40|130
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1744
Expires: Sun, 17 Oct 2021 00:49:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Connection: keep-alive
Set-Cookie: CMID=YWtzCu2Nagi4IazFOt3d-AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 17 Oct 2022 00:49:18 GMT CMPS=5195;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 15 Jan 2022 00:49:18 GMT CMPRO=1124;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 15 Jan 2022 00:49:18 GMT CMRUM3=e6616b730e2760&2d616b730e05a0&1f616b730e05a00&28616b730e05a00&82616b730ea8c0&c3616b730e05a00&27616b730e0b40&f1616b730e05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 17 Oct 2022 00:49:18 GMT CMST=YWtzCmFrcw4A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 18 Oct 2021 00:49:18 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 5CCC 31 KB
9 KB 7ms
7ms Script
text/html 104.109.78.125

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 6eac4f1bf5bf8976cc74f9d784adc40029ac907cf2ba54cc3c5a50c8e38cd122

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 17 Oct 2021 00:49:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=76708
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9275
Expires: Sun, 17 Oct 2021 22:07:46 GMT

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 3B85 2 KB
3 KB 29ms
17ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: febd5ef7ac4fba60c6ef5c197f7db08aa27dfe90a2dd777419bdbb33c496a88b

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YWtzCu2Nagi4IazFOt3d-AAA; CMPS=5195; CMPRO=1124; CMST=YWtzCmFrcwoA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|241|39|45|47|57|8|40
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1613
Expires: Sun, 17 Oct 2021 00:49:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Connection: keep-alive
Set-Cookie: CMID=YWtzCu2Nagi4IazFOt3d-AAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 17 Oct 2022 00:49:19 GMT CMPS=5195;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 15 Jan 2022 00:49:19 GMT CMPRO=1124;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 15 Jan 2022 00:49:19 GMT CMST=YWtzCmFrcw8A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 18 Oct 2021 00:49:19 GMT CMRUM3=08616b730f05a00&2f616b730f05a0&f1616b730f05a0&27616b730f0b40&39616b730f05a0&28616b730f05a00&e6616b730f2760&2d616b730f05a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Mon, 17 Oct 2022 00:49:19 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 4DE1 0
733 B 13ms
12ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 0a03f8b4-210b-467b-b1ca-2f88b44ec5a8
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2472 0
733 B 13ms
12ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: dd025b0f-932b-4b90-abbf-ed628fdcc341
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 0E44 35 B
467 B 19ms
19ms Document
image/gif 37.157.4.25

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=66232E30-42A6-4224-8517-A35A018D9163

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: GET
:authority: c1.adform.net
:scheme: https
:path: /serving/cookie/match?party=14&cid=66232E30-42A6-4224-8517-A35A018D9163
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: C=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
set-cookie: uid=6320315628426885412; expires=Thu, 16 Dec 2021 00:49:19 GMT; domain=adform.net; path=/; secure; samesite=none
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 5979
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5628855933545395795

42 B
520 B

121ms
33ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5628855933545395795
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5628855933545395795
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; chkChromeAb67Sec=1; DPSync3=1635638400%3A201_197_219%7C1634515200%3A174; SyncRTB3=1635638400%3A21_8_71_176_7_166_99_88_165_189_81_231_56_22_55_230_3_222_220_54_161_234_13_204%7C1635033600%3A223_15_2%7C1635724800%3A35%7C1635292800%3A63%7C1637020800%3A203
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_336=5844-5628855933545395795; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:19 GMT; path=/ PugT=1634431759; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:19 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:19 GMT; path=/
x-lat: lhrpug017:0:405
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5628855933545395795
set-cookie: guid=1.5628855933545395795; Max-Age=31104000; Path=/; Domain=.de17a.com;
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5320
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
205 B

132ms
17ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; chkChromeAb67Sec=1; DPSync3=1635638400%3A201_197_219%7C1634515200%3A174; SyncRTB3=1635638400%3A21_8_71_176_7_166_99_88_165_189_81_231_56_22_55_230_3_222_220_54_161_234_13_204%7C1635033600%3A223_15_2%7C1635724800%3A35%7C1635292800%3A63%7C1637020800%3A203
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:19 GMT; path=/
x-lat: lhrpug014:0:384
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

date: Sun, 17 Oct 2021 00:49:18 GMT
server: Kestrel
content-length: 0
cache-control: no-cache
pragma: no-cache
expires: Sun, 17 Oct 2021 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1175106

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D1A5
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7019830952449669271

42 B
311 B

141ms
17ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7019830952449669271
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7019830952449669271
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; chkChromeAb67Sec=1; DPSync3=1635638400%3A201_197_219%7C1634515200%3A174; SyncRTB3=1635638400%3A21_8_71_176_7_166_99_88_165_189_81_231_56_22_55_230_3_222_220_54_161_234_13_204%7C1635033600%3A223_15_2%7C1635724800%3A35%7C1635292800%3A63%7C1637020800%3A203
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_1101=23040-7019830952449669271; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:19 GMT; path=/ PugT=1634431759; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:19 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:19 GMT; path=/
x-lat: lhrpug018:0:408
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Sun, 17 Oct 2021 00:49:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=7019830952449669271; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7019830952449669271

GET
H/1.1

200
OK

redir Show response
rtb-csync.smartadserver.com/ Frame DA13
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFNc0trN0MxdVlBQUJUbjVVZnM0UQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AALYB07C1uYAABzG-ddD5w&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AALYB07C1uYAABzG-ddD5w&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...

43 B
163 B

91ms
16ms

Document
image/gif

185.86.137.110

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.110 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Host: rtb-csync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Cookie: pid=3325762382065865149
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif
transfer-encoding: chunked

Redirect headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
location: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AALYB07C1uYAABzG-ddD5w&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3417
Redirect Chain

https://csync.loopme.me/?redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={device_id}&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0

0
243 B

98ms
16ms

Document
text/html

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; chkChromeAb67Sec=1; DPSync3=1635638400%3A201_197_219%7C1634515200%3A174; SyncRTB3=1635638400%3A21_8_71_176_7_166_99_88_165_189_81_231_56_22_55_230_3_222_220_54_161_234_13_204%7C1635033600%3A223_15_2%7C1635724800%3A35%7C1635292800%3A63%7C1637020800%3A203
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: text/html; charset=utf-8
x-lat: lhrpug017:2:281
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private
content-encoding: gzip

Redirect headers

set-cookie: viewer_token=cb7d52ed-39b5-4609-9366-b24d7aecf5b9; path=/; domain=csync.loopme.me; Expires=Wed, 17-Nov-2021 00:49:19 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={device_id}&gdpr=0
content-length: 0
date: Sun, 17 Oct 2021 00:49:19 GMT
server: _

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6791
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7682644081
https://sync.1rx.io/usersync/tradedesk/d5d863bf-fdb6-4939-a2d1-4e447e72136f
https://sync.targeting.unrulymedia.com/csync/RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003

42 B
329 B

20ms
18ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; chkChromeAb67Sec=1; DPSync3=1635638400%3A201_197_219%7C1634515200%3A174; SyncRTB3=1635638400%3A21_8_71_176_7_166_99_88_165_189_81_231_56_22_55_230_3_222_220_54_161_234_13_204%7C1635033600%3A223_15_2%7C1635724800%3A35%7C1635292800%3A63%7C1637020800%3A203; KRTBCOOKIE_336=5844-5628855933545395795; PugT=1634431759; PUBMDCID=3; KRTBCOOKIE_57=22776-8665457160990187816; KRTBCOOKIE_80=22987-CAESEDgYjtVALxcXupa74KkHkQw&KRTB&16514-CAESEDgYjtVALxcXupa74KkHkQw&KRTB&23025-CAESEDgYjtVALxcXupa74KkHkQw; KRTBCOOKIE_153=19420-t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM&KRTB&22979-t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM; KRTBCOOKIE_409=22966-nZacCvJfQuKDelkq271YXqMR; SPugT=1634431758; KRTBCOOKIE_1101=23040-7019830952449669271; KRTBCOOKIE_27=16735-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&16736-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&23019-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&23114-uid:6ef3616b-7308-4900-a7a1-df41050a2857; KRTBCOOKIE_391=22924-6320315628426885412&KRTB&23263-6320315628426885412; KRTBCOOKIE_377=6810-d5d863bf-fdb6-4939-a2d1-4e447e72136f&KRTB&22918-d5d863bf-fdb6-4939-a2d1-4e447e72136f&KRTB&23031-d5d863bf-fdb6-4939-a2d1-4e447e72136f; KRTBCOOKIE_218=22978-YWtzCAAAAE1L1QAR&KRTB&23194-YWtzCAAAAE1L1QAR&KRTB&23209-YWtzCAAAAE1L1QAR&KRTB&23244-YWtzCAAAAE1L1QAR
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_594=17107-RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:19 GMT; path=/ PugT=1634431759; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:19 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:19 GMT; path=/
x-lat: lhrpug019:0:459
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: text/html
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003%22%7D; path=/; expires=Mon, 17 Oct 2022 00:49:19 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003
etag: RXd4d872b386274a9ba53d1b669f669020003

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame B092
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=nZacCvJfQuKDelkq271YXqMR

42 B
316 B

56ms
34ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=nZacCvJfQuKDelkq271YXqMR
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: image2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=nZacCvJfQuKDelkq271YXqMR
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; chkChromeAb67Sec=1; DPSync3=1635638400%3A201_197_219%7C1634515200%3A174; SyncRTB3=1635638400%3A21_8_71_176_7_166_99_88_165_189_81_231_56_22_55_230_3_222_220_54_161_234_13_204%7C1635033600%3A223_15_2%7C1635724800%3A35%7C1635292800%3A63%7C1637020800%3A203
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_409=22966-nZacCvJfQuKDelkq271YXqMR; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:19 GMT; path=/ PugT=1634431759; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:19 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:19 GMT; path=/
x-lat: lhrpug016:0:412
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Sun, 17 Oct 2021 00:49:19 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=nZacCvJfQuKDelkq271YXqMR; Max-Age=31536000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=nZacCvJfQuKDelkq271YXqMR
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1 200
OK bridge Show response
cm.adgrx.com/ Frame 6096 43 B
408 B 130ms
25ms Document
image/gif 72.251.241.196

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.196 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Host: cm.adgrx.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
server: Cowboy
X-RealServer-NX: ams-delivery-5
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Pragma: no-cache
Expires: Thu, 23 Sep 2004 17:42:04 GMT
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *

GET
H2 404 dpe Show response
ad4m.at/ad/ Frame C2CE 15 B
915 B 113ms
39ms Document
text/plain 104.26.10.209

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.26.10.209 -, , ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: text/plain; charset=utf-8
content-length: 15
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 69f586bea8ac2788-PRG

GET
H3 200 i.match Show response
a.tribalfusion.com/ Frame 49F9 43 B
760 B 722ms
699ms Document
image/gif 104.18.12.5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.12.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

:method: GET
:authority: a.tribalfusion.com
:scheme: https
:path: /i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: ANON_ID=a4nseFSZdIiiSTnMSYlNl4XG9F9XaYXZaQXZd1Snvqt0uRgJK5WJuFEG8GeILj6sBCY3e0tEyRhvW4m3navwI3U
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif; charset=utf-8
content-length: 43
p3p: CP="NOI DEVo TAIa OUR BUS"
x-function: 302
cache-control: no-cache private
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: ANON_ID=aLnvfMpkijdDifqAaEskGF67Y81qyOgp3NTdu4uTocRKnxPQUKsbEyKtZbIIRNy39Suv4DXHbB7NhJFc4PV0ZaKqWeTbK0NmgqwWoEnKyeAVViUR6JAcOv; path=/; domain=.tribalfusion.com; expires=Sat, 15-Jan-2022 00:49:19 GMT; SameSite=None; Secure; ANON_ID_old=aLnvfMpkijdDifqAaEskGF67Y81qyOgp3NTdu4uTocRKnxPQUKsbEyKtZbIIRNy39Suv4DXHbB7NhJFc4PV0ZaKqWeTbK0NmgqwWoEnKyeAVViUR6JAcOv; path=/; domain=.tribalfusion.com; expires=Sat, 15-Jan-2022 00:49:19 GMT;
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 69f586be684cf9e6-PRG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2

200

rtb-h Show response
match.taboola.com/sg/pubmatic-ssp-network/1/ Frame 42AF
Redirect Chain

https://trc.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=uid:$UID
https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=df72c9ba-2b46-45e7-bb8f-fc00674f2df0-tuct864f88f&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdSe...

0
53 B

59ms
24ms

Document
text/plain

151.101.1.44

General

Check archive.org

Show headers Download Go to

Full URL: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=df72c9ba-2b46-45e7-bb8f-fc00674f2df0-tuct864f88f&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.44 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.taboola.com
:scheme: https
:path: /sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=df72c9ba-2b46-45e7-bb8f-fc00674f2df0-tuct864f88f&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: t_gid=df72c9ba-2b46-45e7-bb8f-fc00674f2df0-tuct864f88f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
accept-ranges: bytes
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 varnish
x-served-by: cache-fra19124-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1634431759.165519,VS0,VE8
content-length: 0

Redirect headers

server: nginx
set-cookie: t_gid=df72c9ba-2b46-45e7-bb8f-fc00674f2df0-tuct864f88f;Version=1;Path=/;Domain=.taboola.com;Expires=Mon, 17-Oct-2022 00:49:19 GMT;Max-Age=31536000;Secure;SameSite=None
location: https://match.taboola.com/sg/pubmatic-ssp-network/1/rtb-h?taboola_hm=1&tbid=df72c9ba-2b46-45e7-bb8f-fc00674f2df0-tuct864f88f&query=taboola_hm%3D1%26redir%3Dhttps%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw%26piggybackCookie%3Duid%3A%24UID&isDirect=0
accept-ranges: bytes
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 varnish
x-served-by: cache-fra19124-FRA
x-cache: MISS
x-cache-hits: 0
x-timer: S1634431759.096287,VS0,VE8
x-vcl-time-ms: 8
content-length: 0

GET
H2 200 141 Show response
match.deepintent.com/usersync/ Frame D419 0
44 B 320ms
101ms Document
text/plain 38.91.45.7

General

Check archive.org

Show headers Download Go to

Full URL: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 38.91.45.7 -, , ASN (),
Reverse DNS
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: match.deepintent.com
:scheme: https
:path: /usersync/141?gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

content-length: 0
date: Sun, 17 Oct 2021 00:49:19 GMT
server: b

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9290
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ZiMuMEKmQiSFF6NaAY2RYw%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

34ms
17ms

Image
text/html

2.18.233.180

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=40566
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Sun, 17 Oct 2021 12:05:25 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6ef3616b-7308-4900-a7a1-df41050a2857

0
260 B

136ms
12ms

Image
text/plain

185.64.189.114

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6ef3616b-7308-4900-a7a1-df41050a2857
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:18 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x27 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=6ef3616b-7308-4900-a7a1-df41050a2857
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 17 Oct 2021 00:49:18 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 9290
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=66232E30-42A6-4224-8517-A35A018D9163
https://spl.zeotap.com/?zdid=1332&zcluid=5c987e6a8ebdc5e1
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=e7fcbfff-713d-40a5-60b1-d6e3e86bcb1f&reqId=ce9057e5-7030-4fae-56fb-1ab494ae046c&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESEM43Hbhb6IiaB84k3KgWtQ8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=e7fcbfff-713d-40a5-60b1-d6e3e86bcb1f&reqId=ce9057e5-7030-4fae-56fb-1ab...

95 B
164 B

37ms
29ms

Image
image/png

172.67.13.182

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESEM43Hbhb6IiaB84k3KgWtQ8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=e7fcbfff-713d-40a5-60b1-d6e3e86bcb1f&reqId=ce9057e5-7030-4fae-56fb-1ab494ae046c&zcluid=5c987e6a8ebdc5e1&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.13.182 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 69f586c079002774-PRG
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESEM43Hbhb6IiaB84k3KgWtQ8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=e7fcbfff-713d-40a5-60b1-d6e3e86bcb1f&reqId=ce9057e5-7030-4fae-56fb-1ab494ae046c&zcluid=5c987e6a8ebdc5e1&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=NjYyMzJFMzAtNDJBNi00MjI0LTg1MTctQTM1QTAxOEQ5MTYz&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
110 B

96ms
35ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug005:0:420
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDgYjtVALxcXupa74KkHkQw&google_cver=1

42 B
383 B

94ms
34ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDgYjtVALxcXupa74KkHkQw&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug002:0:443
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEDgYjtVALxcXupa74KkHkQw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 9290 43 B
409 B 15ms
11ms Image
image/gif 159.253.128.183
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

b7.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sat, 16 Oct 2021 00:49:19 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d5d863bf-fdb6-4939-a2d1-4e447e72136f

42 B
396 B

128ms
19ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d5d863bf-fdb6-4939-a2d1-4e447e72136f
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug003:0:473
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d5d863bf-fdb6-4939-a2d1-4e447e72136f
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6320315628426885412

42 B
333 B

140ms
18ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6320315628426885412
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug005:0:505
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=6320315628426885412
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:6ef3616b-7308-4900-a7a1-df41050a2857&gdpr=0&gdpr_consent=

42 B
441 B

133ms
18ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:6ef3616b-7308-4900-a7a1-df41050a2857&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug004:0:446
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x7 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:6ef3616b-7308-4900-a7a1-df41050a2857&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 17 Oct 2021 00:49:18 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8665457160990187816&gdpr=0&gdpr_consent=

42 B
310 B

94ms
33ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8665457160990187816&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug003:0:409
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: b6501390-53d2-46c8-97b3-59c805575986
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8665457160990187816&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM

42 B
370 B

97ms
34ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug004:0:463
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=66232E30-42A6-4224-8517-A35A018D9163&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-HmbFyypE2uWoyr24NF61IK9timskhfQ-~A&gdpr=0&gdpr_consent=

0
48 B

128ms
13ms

Image
text/plain

185.64.189.114

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-HmbFyypE2uWoyr24NF61IK9timskhfQ-~A&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:18 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: ATS/7.1.2.138
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-HmbFyypE2uWoyr24NF61IK9timskhfQ-~A&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 66232E30-42A6-4224-8517-A35A018D9163
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 9290 43 B
918 B 139ms
37ms Image
image/gif 212.82.100.176

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/66232E30-42A6-4224-8517-A35A018D9163?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

212.82.100.176 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

sync
odr.mookie1.com/t/v2/ Frame 9290
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=9f2649fa-7899-4ab1-920b-6faad94ce83f&ssp=pubmatic&gdpr=0&gdpr_consent=

43 B
609 B

99ms
36ms

Image
image/gif

34.98.67.61

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=9f2649fa-7899-4ab1-920b-6faad94ce83f&ssp=pubmatic&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: //odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=9f2649fa-7899-4ab1-920b-6faad94ce83f&ssp=pubmatic&gdpr=0&gdpr_consent=
Date: Sun, 17 Oct 2021 00:49:19 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWtzCAAAAE1L1QAR&gdpr=0&gdpr_consent=

1 B
336 B

143ms
19ms

Image
text/html

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWtzCAAAAE1L1QAR&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug016:0:2197
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1634431759.080910,VS0,VE0
x-served-by: cache-fra19125-FRA
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YWtzCAAAAE1L1QAR&gdpr=0&gdpr_consent=
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 9290 0
104 B 170ms
68ms Image
text/plain 89.207.16.140

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=66232E30-42A6-4224-8517-A35A018D9163&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.207.16.140 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d0cd4346-e0bc-4167-8f66-05634fd97076-616b730f-5553&gdpr=0&gdpr_consent=

42 B
332 B

20ms
19ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d0cd4346-e0bc-4167-8f66-05634fd97076-616b730f-5553&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug020:0:466
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:18 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=d0cd4346-e0bc-4167-8f66-05634fd97076-616b730f-5553&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4055899242351198607&gdpr=0&gdpr_consent=&us_privacy=

1 B
268 B

18ms
18ms

Image
text/html

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4055899242351198607&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug015:0:496
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4055899242351198607&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:1a56942f-312c-445f-b5a2-4fbd3eefe17f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
110 B

18ms
17ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:1a56942f-312c-445f-b5a2-4fbd3eefe17f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug020:0:354
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:1a56942f-312c-445f-b5a2-4fbd3eefe17f&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 9290
Redirect Chain

https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8665457160990187816

42 B
110 B

18ms
17ms

Image
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8665457160990187816
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug004:0:411
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 718.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 880069b2-0b5b-46e0-b22f-90d022c75b42
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=8665457160990187816
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 d1ba4609
rtb.gumgum.com/getuid/ Frame 9290 35 B
238 B 125ms
32ms Image
image/gif 52.18.52.16

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.52.16 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame 7AC4 2 KB
1 KB 104ms
28ms Script
application/javascript 104.16.201.58

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=615310f2492aff0015b58949&s=anotepad.com
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752041&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:39 GMT
server: cloudflare
age: 4166
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 69f586bed9def9de-PRG
content-length: 1146
expires: Sun, 17 Oct 2021 02:49:19 GMT

GET
H2

200

query
ecs.mantisadnetwork.com/sync/pixel/ Frame 7AC4
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d5d863bf-fdb6-4939-a2d1-4e447e72136f

35 B
152 B

138ms
119ms

Image
image/gif

3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d5d863bf-fdb6-4939-a2d1-4e447e72136f
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752041&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
x-powered-by: Express
etag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
content-length: 35
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d5d863bf-fdb6-4939-a2d1-4e447e72136f
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 241

GET
H2 200 fltiu.js Show response
pixel.yabidos.com/ Frame 6E53 2 KB
1 KB 102ms
28ms Script
application/javascript 104.16.201.58

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=615310f2492aff0015b58949&s=anotepad.com
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752056&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:39 GMT
server: cloudflare
age: 4166
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 69f586bed9e1f9de-PRG
content-length: 1146
expires: Sun, 17 Oct 2021 02:49:19 GMT

GET
H2

200

query
ecs.mantisadnetwork.com/sync/pixel/ Frame 6E53
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=rjrqv8k&ttd_tpi=1
https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d5d863bf-fdb6-4939-a2d1-4e447e72136f

35 B
152 B

140ms
121ms

Image
image/gif

3.214.91.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d5d863bf-fdb6-4939-a2d1-4e447e72136f
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752056&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.214.91.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-214-91-80.compute-1.amazonaws.com
Software: / Express
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
x-powered-by: Express
etag: W/"23-X71HIiL+uKIs9biqXcW44Tr4jis"
content-length: 35
content-type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ecs.mantisadnetwork.com/sync/pixel/query?source=tradedesk&id=d5d863bf-fdb6-4939-a2d1-4e447e72136f
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 241

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 457F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YWtzCu2Nagi4IazFOt3d-AAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAZS6C4lL5XM37jw-feCB_8&google_cver=1&gdpr=1

43 B
1 KB

13ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAZS6C4lL5XM37jw-feCB_8&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAZS6C4lL5XM37jw-feCB_8&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 457F 70 B
264 B 33ms
30ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 457F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1

43 B
315 B

50ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 457F
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&dcc=t

43 B
645 B

112ms
110ms

Image
image/gif

209.54.176.128

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.176.128 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: WAKPW9C8SQ943QP2DV32
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: NDXTAXJERDJ2FFG8GV44
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 457F
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6877181591705925327&uid=Q6877181591705925327&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

8ms
7ms

Image
image/gif

104.111.242.53

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.242.53 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 457F
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-13f1c0a4-78ea-4ef4-8145-e5ca7221b86f

43 B
1 KB

15ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-13f1c0a4-78ea-4ef4-8145-e5ca7221b86f
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-13f1c0a4-78ea-4ef4-8145-e5ca7221b86f
date: Sun, 17 Oct 2021 00:49:19 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 457F
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ie?gdpr=1
https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AALYB07C1uYAABzG-ddD5w&expiration=1635641359&gdpr=1

43 B
1 KB

12ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AALYB07C1uYAABzG-ddD5w&expiration=1635641359&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AALYB07C1uYAABzG-ddD5w&expiration=1635641359&gdpr=1
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 457F 43 B
424 B 10ms
9ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YWtzCu2Nagi4IazFOt3d-AAA%261124
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=712
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 01:01:11 GMT

GET
H2

200

cs&eq_cc=1 Show response
um2.eqads.com/um/ Frame 6B1F
Redirect Chain

https://um2.eqads.com/um/cs
https://um2.eqads.com/um/cs&eq_cc=1

186 B
370 B

101ms
97ms

Document
text/html

54.208.142.27

General

Check archive.org

Show headers Download Go to

Full URL: https://um2.eqads.com/um/cs&eq_cc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.142.27 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b337997e748619db4d0e9abfe087c2c050d93003b88eedaa9515857a6c58312

Request headers

:method: GET
:authority: um2.eqads.com
:scheme: https
:path: /um/cs&eq_cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
cookie: EQUser=UID=e0c94a26-ee95-43bf-afb6-3526a9e1f3e7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: text/html; charset=utf-8
content-length: 186
cache-control: no-cache, must-revalidate
expires: Sat, 6 May 1995 12:00:00 GMT
last-modified: Sun, 17 Oct 2021 00:49:19 GMT
pragma: no-cache

Redirect headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/cs&eq_cc=1
set-cookie: EQUser=UID=e0c94a26-ee95-43bf-afb6-3526a9e1f3e7; Path=/; Domain=eqads.com; Expires=Mon, 17 Jan 2022 00:49:19 GMT; Secure; SameSite=None

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 3B85
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1

43 B
315 B

29ms
23ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 3B85
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&dcc=t

43 B
645 B

107ms
107ms

Image
image/gif

209.54.176.128

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.176.128 -, , ASN (),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: J8KKCP1MBQAH11WYPZFV
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: DJ8PSHQ7G2T579TMGF48
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 3B85 70 B
264 B 47ms
35ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3B85
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YWtzCu2Nagi4IazFOt3d-AAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAZS6C4lL5XM37jw-feCB_8&google_cver=1&gdpr=1

43 B
1 KB

13ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAZS6C4lL5XM37jw-feCB_8&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAZS6C4lL5XM37jw-feCB_8&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3B85
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=BlpTcOZw1MBUmy5&gdpr=1

43 B
1 KB

74ms
28ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=BlpTcOZw1MBUmy5&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:18 GMT
Server: PingMatch/v2.0.30-689-g30920c0#rel-ec2-master i-06de16c304b43890a@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Strict-Transport-Security: max-age=2592000; includeSubDomains
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=BlpTcOZw1MBUmy5&gdpr=1
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3B85
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5107433821438073588

43 B
1 KB

14ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5107433821438073588
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=5107433821438073588
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 3B85
Redirect Chain

https://beacon.lynx.cognitivlabs.com/ix.gif
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=de7961f2-655b-44f8-998c-391183e56670&expiration=1665967759

43 B
1 KB

12ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=de7961f2-655b-44f8-998c-391183e56670&expiration=1665967759
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=de7961f2-655b-44f8-998c-391183e56670&expiration=1665967759
date: Sun, 17 Oct 2021 00:49:19 GMT
server: Kestrel
content-length: 0

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 3B85 43 B
424 B 27ms
17ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YWtzCu2Nagi4IazFOt3d-AAA%261124
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=712
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 01:01:11 GMT

GET
H2

200

cs&eq_cc=1 Show response
um2.eqads.com/um/ Frame 8A6E
Redirect Chain

https://um2.eqads.com/um/cs
https://um2.eqads.com/um/cs&eq_cc=1

186 B
370 B

101ms
96ms

Document
text/html

54.208.142.27

General

Check archive.org

Show headers Download Go to

Full URL: https://um2.eqads.com/um/cs&eq_cc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https://anotepad.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.208.142.27 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b337997e748619db4d0e9abfe087c2c050d93003b88eedaa9515857a6c58312

Request headers

:method: GET
:authority: um2.eqads.com
:scheme: https
:path: /um/cs&eq_cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
cookie: EQUser=UID=e0c94a26-ee95-43bf-afb6-3526a9e1f3e7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: text/html; charset=utf-8
content-length: 186
cache-control: no-cache, must-revalidate
expires: Sat, 6 May 1995 12:00:00 GMT
last-modified: Sun, 17 Oct 2021 00:49:19 GMT
pragma: no-cache

Redirect headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/cs&eq_cc=1
set-cookie: EQUser=UID=7bf711dc-2499-4208-9b44-158accf171c1; Path=/; Domain=eqads.com; Expires=Mon, 17 Jan 2022 00:49:19 GMT; Secure; SameSite=None

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 5CCC
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/kLM3PtUmr6LkujSeRGgVecn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4430906362507146405

0
239 B

10ms
8ms

Image
image/gif

69.173.144.139

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4430906362507146405
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

Redirect headers

date: Sun, 17 Oct 2021 00:49:19 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=4430906362507146405
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5CCC
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGJhNDFlN2Y4NTA1MWM5ZDg2NzI5YjZlOTU2OTc2NDJhMzQxMTdlOQ

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGJhNDFlN2Y4NTA1MWM5ZDg2NzI5YjZlOTU2OTc2NDJhMzQxMTdlOQ

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGJhNDFlN2Y4NTA1MWM5ZDg2NzI5YjZlOTU2OTc2NDJhMzQxMTdlOQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 5CCC
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUUIGR0U-26-FH9K&sigv=1&esig=2~dfd4e75cc804a2922b2d12934c031f5c01e0098f

0
445 B

75ms
20ms

Image
text/plain

87.248.118.22

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUUIGR0U-26-FH9K&sigv=1&esig=2~dfd4e75cc804a2922b2d12934c031f5c01e0098f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

87.248.118.22 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KUUIGR0U-26-FH9K&sigv=1&esig=2~dfd4e75cc804a2922b2d12934c031f5c01e0098f
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 5CCC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWtzCAAAAE1L1QAR

0
239 B

56ms
6ms

Image
image/gif

69.173.144.139

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWtzCAAAAE1L1QAR
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1634431759.165509,VS0,VE0
x-served-by: cache-fra19125-FRA
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YWtzCAAAAE1L1QAR
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 5CCC
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=6ef3616b-7308-4900-a7a1-df41050a2857&expires=28

0
239 B

55ms
7ms

Image
image/gif

69.173.144.139

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=6ef3616b-7308-4900-a7a1-df41050a2857&expires=28
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

Redirect headers

Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x30 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=6ef3616b-7308-4900-a7a1-df41050a2857&expires=28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 17 Oct 2021 00:49:18 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 5CCC 0
0 61ms
43ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5CCC
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VVSUdSMFUtMjYtRkg5Sw==

170 B
188 B

23ms
22ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VVSUdSMFUtMjYtRkg5Sw==

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1VVSUdSMFUtMjYtRkg5Sw==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 5CCC 70 B
264 B 54ms
48ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame 6E53 30 KB
23 KB 20ms
20ms Script
application/javascript 104.16.201.58

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1634431759230&ver1=2.2.3&qid=83233313f553333313f513430313&rnd=wqsvhmfuc9ht&cid=1041
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=615310f2492aff0015b58949&s=anotepad.com
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:39 GMT
server: cloudflare
age: 4166
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 69f586bf9a26f9de-PRG
content-length: 23972
expires: Sun, 17 Oct 2021 02:49:19 GMT

GET
H2 200 flimpobj.js Show response
pixel.yabidos.com/ Frame 7AC4 30 KB
23 KB 27ms
27ms Script
application/javascript 104.16.201.58

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.yabidos.com/flimpobj.js?cb=1634431759231&ver1=2.2.3&qid=83233313f553333313f513430313&rnd=1xv4ifg7ttyf&cid=1041
Requested by: Host: pixel.yabidos.com
URL: https://pixel.yabidos.com/fltiu.js?qid=83233313f553333313f513430313&cid=1041&p=615310f2492aff0015b58949&s=anotepad.com
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.16.201.58 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:39 GMT
server: cloudflare
age: 4166
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 69f586bf9a28f9de-PRG
content-length: 23972
expires: Sun, 17 Oct 2021 02:49:19 GMT

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame 6E53 26 B
304 B 65ms
21ms Image
image/gif 104.16.63.54

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1634431759335&rnd=wqsvhmfuc9ht&ifm=1&uai=1&cid=1041&s=anotepad.com&p=615310f2492aff0015b58949&x=&adtg=&ats=0&atf=&nsi=&si=&nci=&nai=&pft=0&iip=0&adb=1&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752056&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.63.54 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:33 GMT
server: cloudflare
age: 4166
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 69f586c05b1f4126-PRG
content-length: 26
expires: Sun, 17 Oct 2021 02:49:19 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame 6E53 26 B
111 B 66ms
22ms Image
image/gif 104.16.63.54

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=1634431759322617&ver=1.2r81&qid=83233313f553333313f513430313&p=615310f2492aff0015b58949&s=anotepad.com&x=&cid=1041&od1=&od2=&adtg=&nci=&nai=&si=&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=wqsvhmfuc9ht&impid=&tps=2&ver1=2.2.3&1=048e35510a392e9dc0585cdbc9b59a23&2=0.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%220%22%3A%22Chrome%2520PDF%2520Plugin%2520-%2520%2520-%2520internal-pdf-viewer%2520-%2520Portable%2520Document%2520Formatfl_br%22%2C%221%22%3A%22Chrome%2520PDF%2520Viewer%2520-%2520%2520-%2520mhjfbmdgcfjbbpaeojofohoefgiehjai%2520-%2520fl_br%22%2C%222%22%3A%22Native%2520Client%2520-%2520%2520-%2520internal-nacl-plugin%2520-%2520fl_br%22%7D%7D&6=2&7={%22e%22:%2211%22,%22m%22:%220%22,%22f%22:%223428%22}&ats=0&atf=&dbgcid=1041&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=1&icpl=25&icp=https%253A//anotepad.com/&irfl=25&irf=https%253A//anotepad.com/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-28-p-fl-24-s-fl-12-x-fl-0-cid-fl-4-od1-fl-0-od2-fl-0-adtg-fl-0-nci-fl-0-nai-fl-0-si-fl-0-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andWindows&adv=0&det=1&adb=1&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=0x0&gpu=Intel%20Iris%20OpenGL%20Engine&ncf=4g_9.7_undefined_null_0_undefined_false&fli=&flerr=0&trim=&fio=21
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752056&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.63.54 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:26 GMT
server: cloudflare
age: 4165
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 69f586c05b204126-PRG
content-length: 26
expires: Sun, 17 Oct 2021 02:49:19 GMT

GET
H2 200 vbl.gif
pre.glotgrx.com/ Frame 7AC4 26 B
84 B 29ms
22ms Image
image/gif 104.16.63.54

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/vbl.gif?cb=1634431759373&rnd=1xv4ifg7ttyf&ifm=1&uai=1&cid=1041&s=anotepad.com&p=615310f2492aff0015b58949&x=&adtg=&ats=0&atf=&nsi=&si=&nci=&nai=&pft=0&iip=0&adb=1&adc=0&adcd=i0_f0_o0_e0&ai=&icp=undefined&impid=
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752041&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.63.54 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:33 GMT
server: cloudflare
age: 4166
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 69f586c05b224126-PRG
content-length: 26
expires: Sun, 17 Oct 2021 02:49:19 GMT

GET
H2 200 nflrc.gif
pre.glotgrx.com/ Frame 7AC4 26 B
84 B 31ms
25ms Image
image/gif 104.16.63.54

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pre.glotgrx.com/nflrc.gif?cb=1634431759361976&ver=1.2r81&qid=83233313f553333313f513430313&p=615310f2492aff0015b58949&s=anotepad.com&x=&cid=1041&od1=&od2=&adtg=&nci=&nai=&si=&ai=&nsi=&co=0&cstm1=&cstm2=&cstm3=&rnd=1xv4ifg7ttyf&impid=&tps=2&ver1=2.2.3&1=048e35510a392e9dc0585cdbc9b59a23&2=0.0&3=1200_1600_1200_1600_24_24_1&5=%7B%220%22%3A%7B%220%22%3A%22Chrome%2520PDF%2520Plugin%2520-%2520%2520-%2520internal-pdf-viewer%2520-%2520Portable%2520Document%2520Formatfl_br%22%2C%221%22%3A%22Chrome%2520PDF%2520Viewer%2520-%2520%2520-%2520mhjfbmdgcfjbbpaeojofohoefgiehjai%2520-%2520fl_br%22%2C%222%22%3A%22Native%2520Client%2520-%2520%2520-%2520internal-nacl-plugin%2520-%2520fl_br%22%7D%7D&6=2&7={%22e%22:%2211%22,%22m%22:%220%22,%22f%22:%223428%22}&ats=0&atf=&dbgcid=1041&ifm=1&penv=b&pt=&ptbp=&tw=0&ldp=1&icpl=25&icp=https%253A//anotepad.com/&irfl=25&irf=https%253A//anotepad.com/&cty=4&fcs=0&flky=ver-fl-6-qid-fl-28-p-fl-24-s-fl-12-x-fl-0-cid-fl-4-od1-fl-0-od2-fl-0-adtg-fl-0-nci-fl-0-nai-fl-0-si-fl-0-ai-fl-0-nsi-fl-0-co-fl-0-cstm1-fl-0-cstm2-fl-0-cstm3-fl-0-rnd-fl-12-impid-fl-0-tps-fl-0-cb-fl-13-ver1-fl-5-&spfp=1&spfnp=0&sp1=Chromefl_andLinux&sp2=Chromefl_andWindows&adv=0&det=1&adb=1&iip=0&spf=0&adc=0&adcd=i0_f0_o0_e0&vps=0x0&gpu=Intel%20Iris%20OpenGL%20Engine&ncf=4g_9.7_undefined_null_0_undefined_false&fli=&flerr=0&trim=&fio=20
Requested by: Host: mantodea.mantisadnetwork.com
URL: https://mantodea.mantisadnetwork.com/prebid/iframe?tz=0&buster=1634431752041&secure=true&version=9&uuid=ff275e7a-8094-4a6e-a4fb-a08aa0c13f81&title=Online%20Notepad%20-%20Website%20Bandar%20Judi%20Secara%20Online%20Semua%20Gaming%20Terfavorit%20di%20Indonesia&url=https%3A%2F%2Fanotepad.com%2Fnotes%2Fexc8ajpf
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.63.54 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mantodea.mantisadnetwork.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cf-cache-status: HIT
last-modified: Sat, 16 Oct 2021 23:00:26 GMT
server: cloudflare
age: 4165
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 69f586c05b214126-PRG
content-length: 26
expires: Sun, 17 Oct 2021 02:49:19 GMT

GET
H/1.1 200
OK crum
dsum-sec.casalemedia.com/ Frame 8A6E 43 B
1 KB 20ms
19ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=e0c94a26-ee95-43bf-afb6-3526a9e1f3e7&expiration=1642380559
Requested by: Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://um2.eqads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

GET
H/1.1 200
OK crum
dsum-sec.casalemedia.com/ Frame 6B1F 43 B
1 KB 13ms
13ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=e0c94a26-ee95-43bf-afb6-3526a9e1f3e7&expiration=1642380559
Requested by: Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://um2.eqads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 17 Oct 2021 00:49:19 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 4DE1 0
733 B 13ms
13ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:20 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 441d0dce-84cb-42bc-bf22-3a67d9aa895d
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2472 0
733 B 15ms
15ms Script
text/html 185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 17 Oct 2021 00:49:20 GMT
X-Proxy-Origin: 216.131.114.13; 216.131.114.13; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 4c0e40b8-1adf-414e-b8ff-720376c65f59
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 9290 0
128 B 20ms
13ms Script
text/plain 185.64.189.114

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156696&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:19 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A622 2 KB
2 KB 14ms
13ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=42958286&p=156696&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e672c9bb4feb8c67587634fbd730cfd3adbbd8c3a8b29d4b8f97d3caa1e30e5c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 1586
content-type: text/html; charset=UTF-8

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 682F
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:BlpTcOZw1MBUmy5&gdpr=0&gdpr_consent=

42 B
473 B

18ms
17ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:BlpTcOZw1MBUmy5&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:BlpTcOZw1MBUmy5&gdpr=0&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; KRTBCOOKIE_336=5844-5628855933545395795; PugT=1634431759; PUBMDCID=3; KRTBCOOKIE_57=22776-8665457160990187816; KRTBCOOKIE_80=22987-CAESEDgYjtVALxcXupa74KkHkQw&KRTB&16514-CAESEDgYjtVALxcXupa74KkHkQw&KRTB&23025-CAESEDgYjtVALxcXupa74KkHkQw; KRTBCOOKIE_153=19420-t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM&KRTB&22979-t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM; KRTBCOOKIE_409=22966-nZacCvJfQuKDelkq271YXqMR; KRTBCOOKIE_1101=23040-7019830952449669271; KRTBCOOKIE_27=16735-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&16736-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&23019-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&23114-uid:6ef3616b-7308-4900-a7a1-df41050a2857; KRTBCOOKIE_391=22924-6320315628426885412&KRTB&23263-6320315628426885412; KRTBCOOKIE_377=6810-d5d863bf-fdb6-4939-a2d1-4e447e72136f&KRTB&22918-d5d863bf-fdb6-4939-a2d1-4e447e72136f&KRTB&23031-d5d863bf-fdb6-4939-a2d1-4e447e72136f; KRTBCOOKIE_218=22978-YWtzCAAAAE1L1QAR&KRTB&23194-YWtzCAAAAE1L1QAR&KRTB&23209-YWtzCAAAAE1L1QAR&KRTB&23244-YWtzCAAAAE1L1QAR; KRTBCOOKIE_594=17107-RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003; KRTBCOOKIE_188=3189-d0cd4346-e0bc-4167-8f66-05634fd97076-616b730f-5553; KRTBCOOKIE_22=14911-4055899242351198607; KRTBCOOKIE_699=22727-AALYB07C1uYAABzG-ddD5w; SPugT=1634431759; chkChromeAb67Sec=2; DPSync3=1635638400%3A219_221_226_227_235_201_197%7C1634515200%3A174; SyncRTB3=1637020800%3A203%7C1635724800%3A35%7C1639612800%3A69%7C1635638400%3A8_56_57_166_189_22_234_222_99_231_230_3_54_161_176_204_7_88_165_81_13_233_21_71_55_220_104_5%7C1635033600%3A15_223_2%7C1635292800%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:22 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_107=1471-uid:BlpTcOZw1MBUmy5; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:22 GMT; path=/ PugT=1634431762; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:22 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:22 GMT; path=/
x-lat: lhrpug005:0:416
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Cache-Control: no-cache, must-revalidate
Date: Sun, 17 Oct 2021 00:49:21 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:BlpTcOZw1MBUmy5&gdpr=0&gdpr_consent=
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Pragma: no-cache
Server: PingMatch/v2.0.30-689-g30920c0#rel-ec2-master i-0081ebc652be302bb@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Set-Cookie: wfivefivec=BlpTcOZw1MBUmy5; Domain=.w55c.net; Expires=Thu, 17-Nov-2022 00:49:22 GMT; Path=/; SameSite=None; Secure matchpubmatic=5; Domain=.w55c.net; Expires=Tue, 16-Nov-2021 00:49:22 GMT; Path=/; SameSite=None; Secure
Strict-Transport-Security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H2

200

match_redirect Show response
um.simpli.fi/ Frame 3ABC
Redirect Chain

https://match.bnmla.com/usersync?sspid=10738&redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D%5BUUID%5D
https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID

43 B
361 B

12ms
12ms

Document
image/gif

159.253.128.183
SOFTLAYER

General

Check archive.org

Show headers Download Go to

Full URL

https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.183 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

b7.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: um.simpli.fi
:scheme: https
:path: /match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: suid=E7656671465E4441B1F9C307A395EA23
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Sun, 17 Oct 2021 00:49:22 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

Redirect headers

Server: nginx
Date: Sun, 17 Oct 2021 00:49:22 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: rx_sspurl_10738=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3NzUmdGw9MTI5NjAw%26piggybackCookie%3D88714b8b-db5f-4a5c-818c-421cde27a7ec; domain=.bnmla.com; path=/; SameSite=none; Secure; Expires=Sun, 17 Oct 2021 00:59:22 GMT rx_uuid=88714b8b-db5f-4a5c-818c-421cde27a7ec; domain=.bnmla.com; path=/; SameSite=none; Secure; Expires=Mon, 01 Nov 2021 00:49:22 GMT rx_maxage_10738=1635727762; domain=.bnmla.com; path=/; SameSite=none; Secure; Expires=Mon, 01 Nov 2021 00:49:22 GMT rx_sspid_10738=6; domain=.bnmla.com; path=/; SameSite=none; Secure; Expires=Sun, 17 Oct 2021 00:59:22 GMT
Location: https://um.simpli.fi/match_redirect?sifi_redir=https%3A%2F%2Fmatch.bnmla.com%2Fusersync%3Fdspid%3D6%26uuid%3D%24UID

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 8641
Redirect Chain

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:E7656671465E4441B1F9C307A395EA23

1 B
92 B

18ms
17ms

Document
text/html

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:E7656671465E4441B1F9C307A395EA23
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:E7656671465E4441B1F9C307A395EA23
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; KRTBCOOKIE_336=5844-5628855933545395795; PugT=1634431759; PUBMDCID=3; KRTBCOOKIE_57=22776-8665457160990187816; KRTBCOOKIE_80=22987-CAESEDgYjtVALxcXupa74KkHkQw&KRTB&16514-CAESEDgYjtVALxcXupa74KkHkQw&KRTB&23025-CAESEDgYjtVALxcXupa74KkHkQw; KRTBCOOKIE_153=19420-t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM&KRTB&22979-t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM; KRTBCOOKIE_409=22966-nZacCvJfQuKDelkq271YXqMR; KRTBCOOKIE_1101=23040-7019830952449669271; KRTBCOOKIE_27=16735-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&16736-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&23019-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&23114-uid:6ef3616b-7308-4900-a7a1-df41050a2857; KRTBCOOKIE_391=22924-6320315628426885412&KRTB&23263-6320315628426885412; KRTBCOOKIE_377=6810-d5d863bf-fdb6-4939-a2d1-4e447e72136f&KRTB&22918-d5d863bf-fdb6-4939-a2d1-4e447e72136f&KRTB&23031-d5d863bf-fdb6-4939-a2d1-4e447e72136f; KRTBCOOKIE_218=22978-YWtzCAAAAE1L1QAR&KRTB&23194-YWtzCAAAAE1L1QAR&KRTB&23209-YWtzCAAAAE1L1QAR&KRTB&23244-YWtzCAAAAE1L1QAR; KRTBCOOKIE_594=17107-RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003; KRTBCOOKIE_188=3189-d0cd4346-e0bc-4167-8f66-05634fd97076-616b730f-5553; KRTBCOOKIE_22=14911-4055899242351198607; KRTBCOOKIE_699=22727-AALYB07C1uYAABzG-ddD5w; SPugT=1634431759; chkChromeAb67Sec=2; DPSync3=1635638400%3A219_221_226_227_235_201_197%7C1634515200%3A174; SyncRTB3=1637020800%3A203%7C1635724800%3A35%7C1639612800%3A69%7C1635638400%3A8_56_57_166_189_22_234_222_99_231_230_3_54_161_176_204_7_88_165_81_13_233_21_71_55_220_104_5%7C1635033600%3A15_223_2%7C1635292800%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:22 GMT
content-type: text/html; charset=utf-8
content-length: 1
set-cookie: PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:22 GMT; path=/
x-lat: lhrpug004:0:341
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: openresty
date: Sun, 17 Oct 2021 00:49:22 GMT
content-type: text/html
content-length: 142
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:E7656671465E4441B1F9C307A395EA23
expires: Sat, 16 Oct 2021 00:49:22 GMT
cache-control: no-cache
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 8D85
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=pdtY4Ek0TGhl93v7Ko92otiDcg0

42 B
235 B

18ms
18ms

Document
image/gif

185.64.190.80

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=pdtY4Ek0TGhl93v7Ko92otiDcg0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

:method: GET
:authority: simage2.pubmatic.com
:scheme: https
:path: /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=pdtY4Ek0TGhl93v7Ko92otiDcg0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/
accept-encoding: gzip, deflate, br
cookie: KADUSERCOOKIE=66232E30-42A6-4224-8517-A35A018D9163; KRTBCOOKIE_336=5844-5628855933545395795; PUBMDCID=3; KRTBCOOKIE_57=22776-8665457160990187816; KRTBCOOKIE_80=22987-CAESEDgYjtVALxcXupa74KkHkQw&KRTB&16514-CAESEDgYjtVALxcXupa74KkHkQw&KRTB&23025-CAESEDgYjtVALxcXupa74KkHkQw; KRTBCOOKIE_153=19420-t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM&KRTB&22979-t93zzrbf9ZSs3f2euInon7DdpJ-s2vLPt90WW_XM; KRTBCOOKIE_409=22966-nZacCvJfQuKDelkq271YXqMR; KRTBCOOKIE_1101=23040-7019830952449669271; KRTBCOOKIE_27=16735-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&16736-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&23019-uid:6ef3616b-7308-4900-a7a1-df41050a2857&KRTB&23114-uid:6ef3616b-7308-4900-a7a1-df41050a2857; KRTBCOOKIE_391=22924-6320315628426885412&KRTB&23263-6320315628426885412; KRTBCOOKIE_377=6810-d5d863bf-fdb6-4939-a2d1-4e447e72136f&KRTB&22918-d5d863bf-fdb6-4939-a2d1-4e447e72136f&KRTB&23031-d5d863bf-fdb6-4939-a2d1-4e447e72136f; KRTBCOOKIE_218=22978-YWtzCAAAAE1L1QAR&KRTB&23194-YWtzCAAAAE1L1QAR&KRTB&23209-YWtzCAAAAE1L1QAR&KRTB&23244-YWtzCAAAAE1L1QAR; KRTBCOOKIE_594=17107-RX-d4d872b3-8627-4a9b-a53d-1b669f669020-003; KRTBCOOKIE_188=3189-d0cd4346-e0bc-4167-8f66-05634fd97076-616b730f-5553; KRTBCOOKIE_22=14911-4055899242351198607; KRTBCOOKIE_699=22727-AALYB07C1uYAABzG-ddD5w; SPugT=1634431759; chkChromeAb67Sec=2; DPSync3=1635638400%3A219_221_226_227_235_201_197%7C1634515200%3A174; SyncRTB3=1637020800%3A203%7C1635724800%3A35%7C1639612800%3A69%7C1635638400%3A8_56_57_166_189_22_234_222_99_231_230_3_54_161_176_204_7_88_165_81_13_233_21_71_55_220_104_5%7C1635033600%3A15_223_2%7C1635292800%3A63; KRTBCOOKIE_107=1471-uid:BlpTcOZw1MBUmy5; PugT=1634431762
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Sun, 17 Oct 2021 00:49:22 GMT
content-type: image/gif; charset=utf-8
content-length: 42
set-cookie: KRTBCOOKIE_860=16335-pdtY4Ek0TGhl93v7Ko92otiDcg0; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:22 GMT; path=/ PugT=1634431762; domain=pubmatic.com; SameSite=None; secure; expires=Tue, 16-Nov-2021 00:49:22 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Sat, 15-Jan-2022 00:49:22 GMT; path=/
x-lat: lhrpug006:0:460
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Sun, 17 Oct 2021 00:49:22 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=pdtY4Ek0TGhl93v7Ko92otiDcg0
Content-Length: 159
Connection: keep-alive

GET
H2

200

Artemis
aud.pubmatic.com/AdServer/ Frame A622
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=66232E30-42A6-4224-8517-A35A018D9163&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=66232E30-42A6-4224-8517-A35A018D9163&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=66232E30-42A6-4224-8517-A35A018D9163&addseg=10,33,39

43 B
43 B

61ms
14ms

Image
text/plain

185.64.189.229

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=66232E30-42A6-4224-8517-A35A018D9163&addseg=10,33,39
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.229 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:22 GMT
content-length: 43
content-type: text/plain; charset=utf-8

Redirect headers

date: Sun, 17 Oct 2021 00:49:22 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=66232E30-42A6-4224-8517-A35A018D9163&addseg=10,33,39
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 141

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame A622
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=66232E30-42A6-4224-8517-A35A018D9163&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=66232E30-42A6-4224-8517-A35A018D9163&sInitiator=external&gdpr=0&gdpr_consent=

42 B
602 B

432ms
432ms

Image
image/gif

77.243.60.138

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=66232E30-42A6-4224-8517-A35A018D9163&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:21 GMT
frontend-id: 0
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 17 Oct 2021 00:49:21 GMT
frontend-id: 9
location: /pubmatic/1/info2?sType=sync&sExtCookieId=66232E30-42A6-4224-8517-A35A018D9163&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame A622 95 B
176 B 31ms
27ms Image
image/png 172.67.13.182

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=66232E30-42A6-4224-8517-A35A018D9163
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.13.182 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:22 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 69f586d0ca4d2774-PRG
access-control-allow-headers: *
content-length: 95

GET
H/1.1

200

p
a.audrte.com/ Frame A622
Redirect Chain

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=66232E30-42A6-4224-8517-A35A018D9163
https://a.audrte.com/p

68 B
617 B

95ms
95ms

Image
image/png

34.192.120.237

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.192.120.237 -, , ASN (),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 17 Oct 2021 00:49:22 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Sun, 17 Oct 2021 00:49:22 GMT
Server: nginx/1.18.0
Access-Control-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame A622
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=11932672-2ee4-11ec-ac0e-8fc96b43e81e&gdpr=0&gdpr_consent=

1 B
214 B

19ms
18ms

Image
text/html

185.64.190.80

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=11932672-2ee4-11ec-ac0e-8fc96b43e81e&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 17 Oct 2021 00:49:22 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug002:0:461
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=11932672-2ee4-11ec-ac0e-8fc96b43e81e&gdpr=0&gdpr_consent=
Date: Sun, 17 Oct 2021 00:49:21 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 11932673-2ee4-11ec-ac0e-8fc96b43e81e

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Domain: hbopenbid.pubmatic.com
URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client

Domain: hbopenbid.pubmatic.com
URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEJuOn_CyApalf_FC06NhJN8&google_cver=1&google_push=AYg5qPI-py5dN8Xjy43hbeKnnA5V68Xww6lvTAPWCblcLUCe_tmdQk5HtntdxUp-pIlzEparn4c7S-ZYlIQkkjCfDNzjRbsQKAc

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP

Verdicts & Comments Add Verdict or Comment

156 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

63 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.anotepad.com/	1970-01-20 15:31:43	Name: _ga Value: GA1.2.745146848.1634431751
.anotepad.com/	1970-01-19 22:01:58	Name: _gid Value: GA1.2.1171446714.1634431751
.anotepad.com/	1970-01-19 22:00:31	Name: _gat_gtag_UA_8870545_1 Value: 1
anotepad.com/	1969-12-31 23:59:59	Name: fsbotchecked Value: true
anotepad.com/	1970-01-20 07:30:46	Name: __atuvc Value: 1%7C42
anotepad.com/	1970-01-19 22:00:33	Name: __atuvs Value: 616b73063f913b39000
.addthis.com/	1970-01-20 07:30:46	Name: uvc Value: 1%7C42
.addthis.com/	1970-01-20 07:30:46	Name: loc Value: MDAwMDBFVURFSEUyMzAxMTg4NzAwMzAwMDBDSA==
.scorecardresearch.com/	1970-01-20 15:17:19	Name: UID Value: 1AM4IQI0OHTXLPJTZ7NJLHg1634431751
anotepad.com/	1974-12-24 22:00:31	Name: _fssid Value: 72b3d1ca-bf79-420f-a86a-118359581045
.openx.net/	1970-01-20 06:46:07	Name: i Value: f2df457a-5706-461c-9d83-5866a76709be\|1634431751
.adnxs.com/	1970-01-20 00:10:07	Name: uuid2 Value: 8665457160990187816
.rubiconproject.com/	1969-12-31 23:59:59	Name: rsid Value: 1\|HsGqLFsFr/vVSy6g0MQzNQWiuYBcZJvAvCF6IsCkVVwnwYaQOmrhRqqbYb+IjI/LQRqus1OnYX6qF0anVSaRRFrEpFc6uQw19gMkasvdREJwzG6qEKdWU6r+VKDRWVv/VO/a+hEPPQ==
.investingchannel.com/	1970-01-20 15:31:43	Name: ic_uid Value: 71a80403-9562-4140-a6d9-972d8c2c0d07
.adnxs.com/	1970-01-20 00:10:07	Name: icu Value: ChgIodc0EAoYAiACKAIwh-atiwY4AkACSAIQh-atiwYYAQ..
.mantisadnetwork.com/	1970-01-23 13:39:24	Name: uuid Value: 9a9f955e-cab9-4236-957b-8e19077c958e
.rubiconproject.com/	1970-01-20 06:46:07	Name: khaos Value: KUUIGR0U-26-FH9K
.rubiconproject.com/	1970-01-20 06:46:07	Name: audit Value: 1\|naVuGyos1qrYQUabZYwirwPDp1MUg9c70YlWV8+OAWnu4zDRmdQdE8SFRDiejdK/4ICd6Q+AmJtaZo7MRB/uMtAPlTu0R9RN
.quantserve.com/	1970-01-20 07:30:46	Name: mc Value: 616b7308-1829e-311a3-67c61
.anotepad.com/	1970-01-20 07:25:00	Name: __qca Value: P0-1253494163-1634431752060
.krxd.net/	1970-01-20 02:19:43	Name: _kuid_ Value: ObOD7BNF
.eyeota.net/	1970-01-20 06:46:07	Name: mako_uid Value: 17c8bb9587f-2c150000010f5f9e
.eyeota.net/	1970-01-19 22:00:32	Name: SERVERID Value: 24478~DM
.rlcdn.com/	1970-01-20 06:46:07	Name: rlas3 Value: UV88+2cGujbDQjS9K15UBi7Hr468x+WA65iZbY+x+Sc=
.rlcdn.com/	1970-01-19 23:26:55	Name: pxrc Value: CAA=
.pubmatic.com/	1970-01-19 22:01:58	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 00:10:07	Name: KADUSERCOOKIE Value: 66232E30-42A6-4224-8517-A35A018D9163
.doubleclick.net/	1970-01-20 15:31:43	Name: IDE Value: AHWqTUkSCmQsdPFQ31v_wAPHeFq63RSE0BqeaATgA2xD4JXvUPjwn-GqDOeNqq0Yu5I
.adsrvr.org/	1970-01-20 06:46:07	Name: TDID Value: d5d863bf-fdb6-4939-a2d1-4e447e72136f
.pub.network/	1970-01-20 15:32:25	Name: _fsuid Value: d0c2f326-8d19-4b29-bc68-701e995ee884
.turn.com/	1970-01-20 02:19:43	Name: uid Value: 4055899242351198607
.mathtag.com/	1970-01-20 07:26:26	Name: uuid Value: 6ef3616b-7308-4900-a7a1-df41050a2857
.everesttech.net/	1970-01-20 06:46:07	Name: everest_g_v2 Value: g_surferid~YWtzCAAAAE1L1QAR
.adsrvr.org/	1970-01-20 06:46:07	Name: TDCPM Value: CAESEwoEa3J1eBILCM6B5oG_xIg6EAUYASABKAIyCwjIp8Oy1cSIOhAFOAFaBmV5ZW90YWAC
global.ib-ibi.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: 3boqgzw3uyxwcnyar5yd15nb
.criteo.com/	1970-01-20 07:22:07	Name: uid Value: 1ef33811-47b4-4065-ae9b-5eebc2911e18
.anotepad.com/	1970-01-20 07:22:07	Name: cto_bundle Value: o5r_RV9jTWJKNE5GJTJCN2FWQXhnbjJmUTZJOU9Hem9wc1klMkZra1NVSTFDalpkRGRoRHgxVCUyRlNQNUl0c2JUT0o1SnBVeVdsSWo5M28wcXQxZ1pGMHUyU3h4ckFSJTJGNGNSd05iZCUyQjZhVEVpMUxjZWRtS2x2T2I2ZlBEU2ZXWWJ0cyUyRmppcmNGcHVmMU5vM3BZbzRyS1BmQjVqTGVwWVElM0QlM0Q
.media.net/	1970-01-20 06:46:07	Name: visitor-id Value: 2774333539306950000V10
.media.net/	1970-01-19 22:20:41	Name: data-g Value: CAESECbnNLDAUwnWIgbsNpAJkk8~~3
.media.net/	1970-01-20 02:26:55	Name: gdpr_status Value: 1
.smartadserver.com/	1970-01-20 07:30:46	Name: pid Value: 3325762382065865149
.de17a.com/	1970-01-20 06:38:55	Name: guid2 Value: 1.5628855933545395795
.anotepad.com/	1970-01-20 07:22:07	Name: __gads Value: ID=ea2c31c2bb754d5b:T=1634431753:S=ALNI_MYUhRGGR4BREyHVDIhOFf5zfP3WCg
.ops.beeline.ru/	1970-01-20 06:33:10	Name: BeeAID Value: bf4e3d4b-f6b0-45bd-946c-ed47f98b0608
ib.mookie1.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: 0ahmmntoteny1cph25kapyvc
.ib.mookie1.com/	1970-01-20 06:46:07	Name: ibkukiuno Value: s=b0a2caee-8fdb-411a-a50a-a6dddc4be262&h=&v=7763059931&l=-8585671751119804089&op=&hl=0&vlu=3&tcs=1&dcc=-8585671751119804089
.ib.mookie1.com/	1970-01-20 06:46:07	Name: ibkukinet Value: 3632493069=-8585671751119804089
fksnk.com/	1970-01-19 22:10:36	Name: AWSALBCORS Value: b4N0+kebQ/OuimGQ/s+TcUR2BhAIsHoGVPwUUUsTZDdZHWVHGpW4V7ILSx87AzCf/6/QA5X+7veGLgCcRp88uDTtJ++iNyA/9ngeoXoMB8ymb5nUbRrEWRHly850
.fksnk.com/	1970-01-20 00:10:07	Name: f_001 Value: 1A04DE4EEFD7136D
.fksnk.com/	1970-01-19 22:01:58	Name: g_001 Value: 1
.quantserve.com/	1970-01-20 00:10:07	Name: d Value: EHwBCQHAJIEA
.casalemedia.com/	1970-01-20 06:46:07	Name: CMID Value: YWtzCu2Nagi4IazFOt3d-AAA
.casalemedia.com/	1970-01-20 00:10:07	Name: CMPS Value: 5195
.sharethrough.com/	1970-01-20 06:46:07	Name: stx_user_id Value: d5a0cbd5-e92e-46c6-b901-082d0bbda059
.simpli.fi/	1970-01-20 06:47:34	Name: suid Value: E7656671465E4441B1F9C307A395EA23
.yahoo.com/	1970-01-20 06:46:29	Name: A3 Value: d=AQABBApza2ECEKVNdgWCNPf8Q612htxmB_4FEgEBAQHEbGF1YQAAAAAA_eMAAA&S=AQAAAo-UNWEOza9oQ6iBL_RlnVc
.casalemedia.com/	1970-01-20 00:10:07	Name: CMPRO Value: 1124
.casalemedia.com/	1970-01-19 22:01:58	Name: CMST Value: YWtzCmFrcwoA
.doubleclick.net/	1970-01-19 22:00:35	Name: DSID Value: NO_DATA
.lijit.com/	1970-01-20 06:46:07	Name: ljt_reader Value: a9a1a55b7ecf9ca692c01f92
.analytics.yahoo.com/	1970-01-20 06:47:34	Name: IDSYNC Value: 18yx~2100
.zemanta.com/	1970-01-20 06:46:07	Name: zuid Value: s3k92SvSaR6NlWwKyoE0
.tribalfusion.com/	1970-01-20 00:10:07	Name: ANON_ID Value: a4nseFSZdIiiSTnMSYlNl4XG9F9XaYXZaQXZd1Snvqt0uRgJK5WJuFEG8GeILj6sBCY3e0tEyRhvW4m3navwI3U

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://idsync.rlcdn.com/398696.gif?partner_uid=5791768784645604040 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YWtzCu2Nagi4IazFOt3d_AAABGQAAAIB&google_gid=CAESED6veHrDSm0e94WPecNF6PI&google_cver=1&google_push=AYg5qPIjbpPZbtpqcCcNVuIwfR-qmJtCKKFp2WlSUnO7ckxIEdSHqmq5-ww2chqn1JvKbZtNLtBsZCDr0cdOpTV6ukATAnbuOzuP Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://ad4m.at/ad/dpe?b=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjkmdGw9MTI5NjAw&piggybackCookie=$UID Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

65ad62668028a68bc84fb4b38a0c5b1d.safeframe.googlesyndication.com
a.audrte.com
a.pub.network
a.tribalfusion.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ad4m.at
ads.playground.xyz
ads.pubmatic.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
ajax.googleapis.com
anotepad.com
ap.lijit.com
api.btloader.com
aud.pubmatic.com
b1sync.zemanta.com
beacon.krxd.net
beacon.lynx.cognitivlabs.com
bh.contextweb.com
bidder.criteo.com
btloader.com
btlr.sharethrough.com
c.pub.network
c1.adform.net
c2shb.ssp.yahoo.com
cc.adingo.jp
cdn.anotepad.com
cdn.krxd.net
cm.adgrx.com
cm.g.doubleclick.net
cm.smadex.com
cms.quantserve.com
consumer.krxd.net
cs.media.net
csync.loopme.me
d.pub.network
d.turn.com
d5p.de17a.com
dggaenaawxe8z.cloudfront.net
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
ecs.mantisadnetwork.com
eu-u.openx.net
eus.rubiconproject.com
fastlane.rubiconproject.com
fei.pro-market.net
fksnk.com
freestar-d.openx.net
freestar-io.videoplayerhub.com
global.ib-ibi.com
google.ops.beeline.ru
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
green.erne.co
grid.bidswitch.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
ib.mookie1.com
id.rlcdn.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js-sec.indexww.com
lh6.googleusercontent.com
m.addthis.com
mantodea.mantisadnetwork.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.bnmla.com
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
match.taboola.com
mwzeom.zeotap.com
nep.advangelists.com
odr.mookie1.com
p.rfihub.com
pagead2.googlesyndication.com
pghub.io
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.yabidos.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pre.glotgrx.com
ps.eyeota.net
pubmatic-match.dotomi.com
px.owneriq.net
rtb-csync.smartadserver.com
rtb.gumgum.com
rtb.mfadsrvr.com
rtb.openx.net
rules.quantcount.com
s.ad.smaato.net
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
s7.addthis.com
sb.scorecardresearch.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
stackpath.bootstrapcdn.com
stags.bluekai.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.ipredictive.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
tagan.adlightning.com
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
uat5-b.investingchannel.com
uipglob.semasio.net
um.simpli.fi
um2.eqads.com
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
v1.addthisedge.com
visitor.fiftyt.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
z.moatads.com
cm.g.doubleclick.net
google2waycm.netmng.com
hbopenbid.pubmatic.com
s7.addthis.com
104.109.78.125
104.111.215.191
104.111.242.53
104.16.201.58
104.16.63.54
104.18.10.207
104.18.12.5
104.21.192.118
104.26.1.139
104.26.10.209
104.26.7.139
104.75.88.126
107.178.240.89
13.224.193.29
13.224.193.5
13.224.194.76
13.225.87.102
13.225.87.28
13.225.87.30
13.225.87.65
130.211.23.194
142.250.181.226
142.250.184.198
142.250.185.130
142.250.185.193
142.250.185.65
142.250.185.97
142.250.186.130
142.250.186.142
142.250.186.166
142.250.186.170
142.250.186.35
146.59.148.16
151.101.1.44
151.101.194.133
151.101.2.133
151.101.2.49
159.253.128.183
162.55.6.212
172.217.23.100
172.67.13.182
172.67.69.19
178.250.2.130
178.250.2.131
178.250.2.146
178.250.2.151
178.62.202.251
18.156.0.31
18.185.143.19
18.192.135.64
18.198.220.83
184.31.84.150
185.29.132.245
185.33.221.53
185.33.221.87
185.64.189.114
185.64.189.115
185.64.189.229
185.64.190.80
185.86.137.110
185.86.138.132
193.0.160.129
198.148.27.140
2.18.232.130
2.18.233.180
2.18.234.21
2.18.235.40
2.18.235.93
207.244.104.157
209.54.176.128
212.82.100.176
213.155.156.169
213.19.147.44
213.19.162.61
216.52.2.39
216.58.212.130
216.58.212.136
3.115.67.144
3.120.29.221
3.127.178.105
3.214.91.80
34.149.20.76
34.192.120.237
34.98.107.212
34.98.64.218
34.98.67.61
35.157.246.167
35.158.37.68
35.186.253.211
35.201.71.192
35.201.96.126
35.241.45.217
35.244.174.68
37.157.4.25
37.9.245.57
38.27.122.158
38.91.45.7
46.228.164.11
46.228.164.13
50.16.141.46
52.16.151.94
52.18.52.16
52.202.13.238
52.3.207.70
52.48.144.237
52.57.27.215
52.71.90.26
54.208.142.27
54.90.144.255
54.90.48.240
54.93.151.69
63.33.113.238
64.202.112.31
64.233.166.154
64.58.232.179
66.155.71.150
67.202.105.23
69.169.86.39
69.173.144.139
72.251.241.196
76.223.111.131
77.243.60.138
85.114.159.93
87.248.118.22
89.207.16.140
91.228.74.226
94.23.73.243
00a1081b52175533a7f3b857f50cd13add6909e438464b56998e51d827ada440
01e18d1f628f0b912efc3c77c4b6b7b1f5decb50ecdb73d93c575a6c48fa14cb
03357e64ce1abe69e09ec26ec18fcc7d46b47c886733e4d2efe0a1f50a8f6e17
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb775e23934c5478dab7517dbf8a614834c96e926c4498b734399eb8a2e640d
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0c0964d104665d8a24b6c887321de9cfc2513e6be1b86014d71969dca9a04ac0
0cdcea0da2bb7cd99b76f54f32e74b203b5d345c6f8905089e0544a2f35cb041
0ce5ab0260a7860ea167511114f1b2a1a8c5dff2b1a3885e2c2e70fb54c4e7a9
0e9b9539e9d16124e17da2dde795221f188b4fafd92a330d87244fa210338882
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15ffcaba4bf6292d6fee45f1bf4a1dec2861486047013f479e905006acab6992
16cb05a8bd7780c8f68b9fd50cfc79b85f9d99c076037a03ae194ed271ec5733
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1975f244719819d2705695a678f430e12b40a406cbcabd762368a98aa56615ee
1a275f22ae21d927111493e63b14820d72d4df0bde5e408e95e8d9705aa2bd92
1b337997e748619db4d0e9abfe087c2c050d93003b88eedaa9515857a6c58312
1b4e852fde612daeb72f1f4cca801a99cc2730875048c5ac3faa9f5ca5854155
1c3d57a4ca36168fa3fa9f02abe09eab215fef873be8b6f41715774bc1563245
21c2ffd720c22f2095ce309e1871d72cf2ae40ba9c95b0eb408a9a54f25188cf
250d253bc7274dc0cf6fab5cfb792ff150a8c95ebe3b7da7fa4ac03fda2b49e0
2581d556ceadd8cdd3eb15509ff94501871552563a71381393fc7b59611cbc1e
29d1e5453401263d835235fd249bf5891fbc3ffcecd82cc3fed01f7b79770d5a
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2c9adacf90f2c434aef36301ba50b24bfe9b10651508fd1ff8880247106872c1
2d452ca7bf499867307ebfa48373084a42e1f56ec0a26e5bb2e12f01888c3cc9
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f0285c36c9607a8293ab66e62b9b5207d3f2f954e96756ae888f3784d537935
2f4f646ee9e19b2239714b2447f3da96fae866a1e78d533de93603327537ba44
34f56681a2444c38fd80aef6fe24618f292be66752121647cb4d3fa8bb91fb11
35b53b6b1521cdc597fcae00ee5cecd6eeb2f60b04ef45632991b501c4cf2b84
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
3739f7e3f233afefaaf897a2c109cd3dcce3799125f58957b4a622b610511a63
39c6ec590be39bedd2592cbd4130f22e0d758b15ccb5c4be6f3569ce29df3247
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9
3c9b392cecc6283f4f58277dd0a7335ff25ce23c4ffec1430d58455d06e89ae2
3d1246d2fe982f57c0a911530b2fa93a679e42c0d897151f39cffa4762c55f5d
3d510e16e6e569e573980fd67a55221795d539fd56688ecaca8d284255e86ee6
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
3fe59eff4e7741bcb650f03f35eb3d01b3c367523550b9764f3d0b65ce8a10ff
40e0c6c7cca7134b3790a2684efaa91006a2759e7208e9c54957f5d88e52e6a7
41d9de265e720a301cbd9c525fa7089a677e0b099b422579a401516212b5add3
420587b0545b37a2595ee8246d138c2c15df98192d0bc33badaafb502f52e25e
42b601bc0d93dfca6e350b46d113bf8e7ff9e40a87a0c57ab9b3c9c219062423
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
443d41c905362e5073c79212ec86c5f69ddcfbc38f5530c6409b73c604e74259
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4cf833ad810353e51902d525ca24914b6056a1c38b29b03f8315c6757d485362
4cf8b4da854cac70fb514c2d255e93904353bda1fcc7229de2f59d5971d83028
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5195609afbc1fca03f3200b50d97a90a8eb0e4652108db990a1aa9a1c9f7a0af
543ca4ac0d14531b1ad4779a6338f0f4c60899e75f0c85c811cab2db7269245a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
56d9b1d7d2b3dd71909098a493ff90edbbb988ef3a9da670f9e8ba509f707925
57a8bba3fa74a3ab019d88585e0a1cc5e18c07c5ffc17873d4919adcc553a01b
58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4
5b2f31e6283f41b50112dbf9da83c321784c2f8879e49a1024b5eab9e6626bc8
601796e00f0a45029a5174616618941016a89d198b8339d6d90293e4aa7ecf63
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
62a69105c0293b4b26df6051c8c655890a6eb9ea27c63557f2e022c333dc25a4
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
6eac4f1bf5bf8976cc74f9d784adc40029ac907cf2ba54cc3c5a50c8e38cd122
6fdafcd0b7e61e259b95fa4864f9ca2d02e8c0c3187a162e95b492e6ce4f398b
7331d9dce39e7c58559ad75a2a4dc5bdd713291c2a522130188e732fe3f8ff5a
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
7ee50d544c6957706630ecda4b5c7a2b6bd5479f9edbfc4478664c8a1c0e6490
7f9164a13476744c911fea7dbab9a2924750f69f82ec1d51d2a09e64638952c0
7f941b8c4190696ffe563cd65d648faee92c126c608c71e2b0bfa1a3b2129a1e
7fdbedfdbfe2994c1fbd6a1aa50f8e7f5adfdf3080d2d2d4c67eafc468d3378f
812120e5ae14c01f8e582a6f65d8edd5be512183469167e1b4aa44babf4f16fd
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87ce4cc30530348882f7ec9e07ca8a24e704140aef3ef8260c3272598081c99b
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a152fa7d63042de67cd9f5f88a298cb1745da2f35510fadade49f651de13dc9
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dd2b01be72e550471c100d7bb7a992765d4cb28dbefc5cbdf9015c73825524e
8e42d6e5244e53b8bb26ce7c431b110ea07a3adaf49f5cf9c06deb3935b544ce
9005ef18fcfb3897cd13c7ec73f90d2b0da0cc7d6153be58cdbe90ad5e2741c8
922851ab1a5fce51fbdb9306f1329bf8e80919b6c443b38792b183da23d15314
92e649098eefaf82db65282d7cbb4e65c738aca33c3fc8073a9c770fbcb0623d
9413ac70f0dfa293eae8e934799be6a1cde8cd96db876ce9bd127c41630847ee
95d57cd7cf806f7238708d78b7b4b731161658ce14b5d594cafa9bd7e02c68b3
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a096b9f9a7b79e0bcda28f9c7a443c211242d9613b77fea6222acf440d9f6ddb
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2ea7c2ec8e9d9cedd3508d75e3882f5d2a05bfa7b17393310bd735b5c1d3118
a3f5fe43cf3b943aa4ef647e87d8189c61b971c177cb3a6f3e88076fd4b2b9df
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a9ec40d0e7cd6d34c30d396de287c04c42c0c2e7f72cb6d941b2ca664a367f38
ac828be9eacb996ccdf11871690f6b8b83aadcb4deac680f260678056051707e
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2ec3db0c3ffe01385ebd2fa36b83708e505fada5609f9859a8e04a9cbdcaefd
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
bad0fc7d947cceb34f0d759dc25bca4b939db10f864fd9a93bb16bf9c13b620d
bc6ff9223e4d2596d566268618cf97e62043d1a3390629f94a397b34277ed83e
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c4cbcc68d7a949e09034b1bdf19f4da6d9727b7f0d91bfaa146579d84d027f25
c617e91f6e46158e3d94ba5517689a66530cd5bb62f6dc4f139dbe8edfd2a422
c6420ab9ec6ebff1cd61333dade6ba9ac879d3617a59334148672dee6af12fec
c8d3e8d5a63342e67192e0364331351a3cc6b3039c8695efe0c9fe6cd4efa60a
ca4a64f25051d73e715e78148b0d5e8f9b9bcc30d1f7555ac7739fb69fc919c6
cd5da7545ecdc273ff0310060da81e975f110e3083da7773500a593da4f01563
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d4a94eb43ba2249f27baca81f05255d197685aaf4d7814a1fb7fd9eac4f81b16
d60560d22e6264effb7f9b776f7e377ec41642d25d7e123f7b0ee603d83e6385
d766831f2637a7f23f8d1507b338a64589c9aa9ab83243e87041c2192cbf1d22
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
d9eaadc40e16c4af57c957487408e1b12c752395671de3dfbefa8a0ce37eb987
da3c5a2e809324e17c200da5501c0504fa5abe3acbd74dc7b53f4d61a06b66c6
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
df81f27eecd20dc520adc28394b76f0af92e595f2b0bf085abaeff111b48e84b
e1023fc5b7b2cb762dd4ad14fcf4787fa945fca4a37518cd0d6b411c248dc201
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e672c9bb4feb8c67587634fbd730cfd3adbbd8c3a8b29d4b8f97d3caa1e30e5c
e8de481630ed7fc7d00ae57f15de060d73817e3c6490e51c526ece3799984be2
eb7da428be5ab87a4c392c0355bba3baf24cbc7bc8c1128ab5d38b440e617498
ebda2962adf78697c290fe6eec1c4edcb127002d677867f4e99b5c30313a9efc
ecc20ed3c5dedbe5bbe73d1e7b14270c65a85f7d0ec4c94c4f0c9f0071e471a2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efdd211a38482dcf155a40ed7e2f6526d0a0040c1bbd6571d0e14a54b5b43f56
f45f42097ab97da2bd3034f5f7331e2283a38f7147638825cd71912fe8dcbbb6
f4726d988effd5253298f2a2738ca92d780d4105af0ce67eb7e7d1c748fb6909
f6bde1ecec9ad90f8c99ba8e179e083ac62f64679c264a9b10a71fe52c7289e2
fce54832cbada03e8d9e1226e58298b4fe3da17f9585bfa3f850cbcff6f27fe4
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fd6cc7e5a8fcd221985ed5a97b5c58bcb333f508e04510254952002f0689a6d2
fd8c061545c2527ecbb118b19e93e32e8670e3648292ba82e791a8859f8bf3f7
febd5ef7ac4fba60c6ef5c197f7db08aa27dfe90a2dd777419bdbb33c496a88b

anotepad.com Open in urlscan Pro 207.244.104.157 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

321 Requests

98 %HTTPS

0 %IPv6

99 Domains

150 Subdomains

86 IPs

10 Countries

2285 kBTransfer

5580 kBSize

63 Cookies

9 Outgoing links

Redirected requests

321 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

anotepad.com Open in urlscan Pro
207.244.104.157 Public Scan

Screenshot
Live screenshot

Full Image

321
Requests

98 %
HTTPS

0 %
IPv6

99
Domains

150
Subdomains

86
IPs

10
Countries

2285 kB
Transfer

5580 kB
Size

63
Cookies

321 HTTP transactions
6 data transactions