windowsapp.com.se Open in urlscan Pro
2606:4700:3030::6815:2a91 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://windowsapp.com.se/1058455218/hogia-mypayslip
Submission Tags: falconsandbox
Submission: On March 16 via api (March 16th 2022, 2:51:51 pm UTC) from US — Scanned from DE

Summary HTTP 310 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 70 IPs in 13 countries across 57 domains to perform 310 HTTP transactions. The main IP is 2606:4700:3030::6815:2a91, located in United States and belongs to CLOUDFLARENET, US. The main domain is windowsapp.com.se.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 18th 2022. Valid for: a year.

This is the only time windowsapp.com.se was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	2606:4700:303... 2606:4700:3030::6815:2a91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
2	209.50.60.88 209.50.60.88	25697 (UPCLOUDUSA) (UPCLOUDUSA)
3	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
13	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:288::2a1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:6c0... 2a02:26f0:6c00:2b7::2a1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a02:26f0:6c0... 2a02:26f0:6c00:2ab::2a1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 7	2a02:6b8::1:119 2a02:6b8::1:119	208722 (YNDX) (YNDX)
3	2606:4700:310... 2606:4700:3108::ac42:2b03	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 8	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	51.89.21.20 51.89.21.20	16276 (OVH) (OVH)
4	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
4 4	23.37.42.132 23.37.42.132	16625 (AKAMAI-AS) (AKAMAI-AS)
14	104.92.74.8 104.92.74.8	16625 (AKAMAI-AS) (AKAMAI-AS)
9	37.157.3.28 37.157.3.28	198622 (ADFORM) (ADFORM)
9	2606:4700:20:... 2606:4700:20::681a:9b2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
3	35.158.25.241 35.158.25.241	16509 (AMAZON-02) (AMAZON-02)
6 16	185.33.221.13 185.33.221.13	29990 (ASN-APPNEX) (ASN-APPNEX)
6	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:272	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	54.36.238.155 54.36.238.155	16276 (OVH) (OVH)
3	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	185.86.139.59 185.86.139.59	201081 (SMARTADSE...) (SMARTADSERVER)
3	145.40.89.200 145.40.89.200	54825 (PACKET) (PACKET)
2 13	188.42.191.196 188.42.191.196	7979 (SERVERS-COM) (SERVERS-COM)
3	2602:803:c003... 2602:803:c003:200::61	26667 (RUBICONPR...) (RUBICONPROJECT)
5 11	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400e:801::2001	15169 (GOOGLE) (GOOGLE)
7 13	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1 1	2a05:d018:d29... 2a05:d018:d29:3602:c713:d832:3f91:5c2a	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
2 3	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
2 4	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 3	52.94.223.167 52.94.223.167	16509 (AMAZON-02) (AMAZON-02)
2	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
21	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
22	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
3	159.89.25.223 159.89.25.223	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3 5	104.102.29.65 104.102.29.65	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
19	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:3175:5196:e3fd:8c1d	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700::68... 2606:4700::6812:c05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	50.31.142.31 50.31.142.31	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2 2	198.47.127.19 198.47.127.19	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
6	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
3	104.102.28.239 104.102.28.239	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	104.17.119.107 104.17.119.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8 8	18.185.12.233 18.185.12.233	16509 (AMAZON-02) (AMAZON-02)
4 4	193.232.150.69 193.232.150.69	48061 (UMA-TECH-AS) (UMA-TECH-AS)
1	88.99.28.61 88.99.28.61	24940 (HETZNER-AS) (HETZNER-AS)
5 5	31.172.81.160 31.172.81.160	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
2 2	31.172.81.158 31.172.81.158	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1	31.200.251.83 31.200.251.83	61400 (NETRACK-AS) (NETRACK-AS)
2 2	89.108.119.43 89.108.119.43	197695 (AS-REG) (AS-REG)
1	31.172.81.172 31.172.81.172	44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net)
1 2	2001:6d0:4001... 2001:6d0:4001::226	52016 (TNSMSK-) (TNSMSK-)
1	146.0.227.110 146.0.227.110	20773 (GODADDY) (GODADDY)
1 9	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
1 1	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
1 2	52.59.41.116 52.59.41.116	16509 (AMAZON-02) (AMAZON-02)
1	185.86.137.121 185.86.137.121	201081 (SMARTADSE...) (SMARTADSERVER)
1	198.47.127.18 198.47.127.18	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1 1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 2	3.64.119.154 3.64.119.154	16509 (AMAZON-02) (AMAZON-02)
1 2	2a02:6b8::90 2a02:6b8::90	208722 (YNDX) (YNDX)
1	82.145.213.8 82.145.213.8	39832 (NO-OPERA) (NO-OPERA)
310	70

13 2606:4700:3030::6815:2a91 (United States)

ASN13335 (CLOUDFLARENET, US)

windowsapp.com.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.50.60.88 (Phoenix, United States)

ASN25697 (UPCLOUDUSA, US)
PTR: 209-50-60-88.us-sjo1.upcloud.host

appfurpc.com.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:288::2a1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

is3-ssl.mzstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:2b7::2a1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

is4-ssl.mzstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:2ab::2a1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

is1-ssl.mzstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:6b8::1:119 (Moscow, Russian Federation) 3 redirects

ASN208722 (YNDX, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3108::ac42:2b03 (United States)

ASN13335 (CLOUDFLARENET, US)

stpd.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:1::13 (France) 4 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.21.20 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p14.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.37.42.132 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-42-132.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.92.74.8 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-74-8.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.157.3.28 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:20::681a:9b2 (United States)

ASN13335 (CLOUDFLARENET, US)

prebid-stag.setupad.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.184.8.65 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.158.25.241 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-158-25-241.eu-central-1.compute.amazonaws.com

hb.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 185.33.221.13 (Amsterdam, Netherlands) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

setupad-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:272 (United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.36.238.155 (France)

ASN16276 (OVH, FR)
PTR: ip155.ip-54-36-238.eu

rtb.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.86.139.59 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 145.40.89.200 (Ashburn, United States)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 188.42.191.196 (Luxembourg) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c003:200::61 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 69.173.144.165 (Frankfurt am Main, Germany) 5 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400e:801::2001 (Ireland)

ASN15169 (GOOGLE, US)

0404086322d7c381fb85903e1b35d32d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
9b243a4d68ee26bf9e4493add40fff07.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.185.194 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3602:c713:d832:3f91:5c2a (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 209.54.180.144 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.94.223.167 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 159.89.25.223 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

node.setupad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.102.29.65 (Milan, Italy) 3 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-29-65.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:3175:5196:e3fd:8c1d (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:c05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.31.142.31 (Riverdale, United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.102.28.239 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-102-28-239.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.119.107 (None, )

ASN13335 (CLOUDFLARENET, US)

biddr.brealtime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.185.12.233 (Frankfurt am Main, Germany) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-12-233.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 193.232.150.69 (Russian Federation) 4 redirects

ASN48061 (UMA-TECH-AS, RU)
PTR: smtp13.sender.ltmse.com

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.99.28.61 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.61.28.99.88.clients.your-server.de

sync.dmp.otm-r.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 31.172.81.160 (Germany) 5 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.172.81.158 (Germany) 2 redirects

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.adsniper.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.200.251.83 (Russian Federation)

ASN61400 (NETRACK-AS, RU)

cache.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 89.108.119.43 (Russian Federation) 2 redirects

ASN197695 (AS-REG, RU)
PTR: d51370.reg.regrucolo.ru

x01.aidata.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.172.81.172 (Germany)

ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)

sync3.sniperlog.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:6d0:4001::226 (Russian Federation) 1 redirects

ASN52016 (TNSMSK-, RU)

www.tns-counter.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.110 (Ascension Island)

ASN20773 (GODADDY, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 51.89.9.253 (London, United Kingdom) 1 redirects

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.245 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.3.30 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.59.41.116 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-41-116.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.121 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync-global.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.18 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.64.119.154 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-64-119-154.eu-central-1.compute.amazonaws.com

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:6b8::90 (Moscow, Russian Federation) 1 redirects

ASN208722 (YNDX, FI)

an.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.145.213.8 (Norway)

ASN39832 (NO-OPERA, NO)
PTR: n-sysadmin-jumpbox-03.feednews.opera.technology

t.adx.opera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	googlesyndication.com 0404086322d7c381fb85903e1b35d32d.safeframe.googlesyndication.com 9b243a4d68ee26bf9e4493add40fff07.safeframe.googlesyndication.com 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 tpc.googlesyndication.com — Cisco Umbrella Rank: 122	224 KB
35	rubiconproject.com 9 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 944 eus.rubiconproject.com — Cisco Umbrella Rank: 503 fastlane.rubiconproject.com — Cisco Umbrella Rank: 412 pixel.rubiconproject.com — Cisco Umbrella Rank: 289 pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 2193 token.rubiconproject.com — Cisco Umbrella Rank: 595	79 KB
28	doubleclick.net 7 redirects pubads.g.doubleclick.net — Cisco Umbrella Rank: 494 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276	475 KB
19	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	324 KB
19	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 205 acdn.adnxs.com — Cisco Umbrella Rank: 523	64 KB
18	criteo.com 4 redirects gum.criteo.com — Cisco Umbrella Rank: 347 mug.criteo.com — Cisco Umbrella Rank: 3185 bidder.criteo.com — Cisco Umbrella Rank: 689	11 KB
14	betweendigital.com 2 redirects ads.betweendigital.com — Cisco Umbrella Rank: 1509 cache.betweendigital.com — Cisco Umbrella Rank: 17967	9 KB
13	com.se windowsapp.com.se	79 KB
11	adform.net 2 redirects adx.adform.net — Cisco Umbrella Rank: 4064 cm.adform.net — Cisco Umbrella Rank: 1775 dmp.adform.net — Cisco Umbrella Rank: 2334	5 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 343	221 KB
9	onetag-sys.com 1 redirects onetag-sys.com — Cisco Umbrella Rank: 797	4 KB
9	openx.net setupad-d.openx.net — Cisco Umbrella Rank: 40071 rtb.openx.net — Cisco Umbrella Rank: 1359 u.openx.net — Cisco Umbrella Rank: 621	1 KB
9	setupad.net prebid-stag.setupad.net — Cisco Umbrella Rank: 31581	15 KB
9	4dex.io script.4dex.io — Cisco Umbrella Rank: 1689 mp.4dex.io — Cisco Umbrella Rank: 2262	70 KB
8	bidswitch.net 8 redirects x.bidswitch.net — Cisco Umbrella Rank: 257	4 KB
8	google.com adservice.google.com — Cisco Umbrella Rank: 57 www.google.com — Cisco Umbrella Rank: 2	2 KB
6	criteo.net static.criteo.net — Cisco Umbrella Rank: 600	177 KB
6	amazon-adsystem.com 4 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 260 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1352	5 KB
6	emxdgt.com hb.emxdgt.com — Cisco Umbrella Rank: 1565 cs.emxdgt.com — Cisco Umbrella Rank: 806	478 B
5	bumlam.com 5 redirects sync.bumlam.com — Cisco Umbrella Rank: 2702	3 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	5 KB
5	yandex.com 2 redirects mc.yandex.com — Cisco Umbrella Rank: 28691	2 KB
5	mzstatic.com is3-ssl.mzstatic.com — Cisco Umbrella Rank: 1720 is4-ssl.mzstatic.com — Cisco Umbrella Rank: 1743 is1-ssl.mzstatic.com — Cisco Umbrella Rank: 1644	93 KB
4	adhigh.net 4 redirects px.adhigh.net — Cisco Umbrella Rank: 11171	2 KB
4	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 293	1 KB
4	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1227 ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 2242	1 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	118 KB
4	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 2926 an.yandex.ru — Cisco Umbrella Rank: 2490	69 KB
3	brealtime.com biddr.brealtime.com — Cisco Umbrella Rank: 2428	3 KB
3	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 571 image8.pubmatic.com — Cisco Umbrella Rank: 570	1 KB
3	setupad.com node.setupad.com — Cisco Umbrella Rank: 34165	625 B
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 416 ads.yahoo.com — Cisco Umbrella Rank: 816 ups.analytics.yahoo.com — Cisco Umbrella Rank: 268	2 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8832	1 KB
3	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 1055	759 B
3	adxpremium.services rtb.adxpremium.services — Cisco Umbrella Rank: 7456	2 KB
3	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 6130	537 B
3	stpd.cloud stpd.cloud — Cisco Umbrella Rank: 36729	413 KB
3	gstatic.com fonts.gstatic.com	110 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 251 fonts.googleapis.com — Cisco Umbrella Rank: 35	98 KB
2	sportradarserving.com 2 redirects a.sportradarserving.com — Cisco Umbrella Rank: 2159	1 KB
2	advertising.com 1 redirects pixel.advertising.com — Cisco Umbrella Rank: 307	452 B
2	tns-counter.ru 1 redirects www.tns-counter.ru — Cisco Umbrella Rank: 9999	705 B
2	aidata.io 2 redirects x01.aidata.io — Cisco Umbrella Rank: 13774	1 KB
2	adsniper.ru 2 redirects sync3.adsniper.ru — Cisco Umbrella Rank: 11692	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 528	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 697 s.tribalfusion.com — Cisco Umbrella Rank: 1995	1 KB
2	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 565
2	com.de appfurpc.com.de	2 KB
1	opera.com t.adx.opera.com — Cisco Umbrella Rank: 4149	410 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 384	626 B
1	admixer.net inv-nets.admixer.net — Cisco Umbrella Rank: 2365	463 B
1	sniperlog.ru sync3.sniperlog.ru — Cisco Umbrella Rank: 32357	516 B
1	otm-r.com sync.dmp.otm-r.com — Cisco Umbrella Rank: 20303	70 B
1	adkernel.com dsp.adkernel.com — Cisco Umbrella Rank: 3771	233 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 929	465 B
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 488	535 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 403	3 KB
310	57

	Domain	Requested by
22	tpc.googlesyndication.com	windowsapp.com.se securepubads.g.doubleclick.net tpc.googlesyndication.com cdn.ampproject.org 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com s0.2mdn.net
21	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
19	s0.2mdn.net	windowsapp.com.se s0.2mdn.net
16	ib.adnxs.com	6 redirects stpd.cloud googleads.g.doubleclick.net acdn.adnxs.com
14	eus.rubiconproject.com	windowsapp.com.se eus.rubiconproject.com stpd.cloud cache.betweendigital.com
13	cm.g.doubleclick.net	7 redirects windowsapp.com.se googleads.g.doubleclick.net 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com onetag-sys.com
13	ads.betweendigital.com	2 redirects stpd.cloud ads.betweendigital.com onetag-sys.com
13	windowsapp.com.se	windowsapp.com.se
10	cdn.ampproject.org	securepubads.g.doubleclick.net
9	onetag-sys.com	1 redirects cache.betweendigital.com onetag-sys.com
9	prebid-stag.setupad.net	stpd.cloud windowsapp.com.se
8	x.bidswitch.net	8 redirects
8	pixel.rubiconproject.com	2 redirects windowsapp.com.se onetag-sys.com
8	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net windowsapp.com.se
8	gum.criteo.com	4 redirects static.criteo.net
7	mug.criteo.com	windowsapp.com.se
6	static.criteo.net	stpd.cloud static.criteo.net
6	adx.adform.net	stpd.cloud
6	script.4dex.io	stpd.cloud script.4dex.io
5	sync.bumlam.com	5 redirects
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.google.com	windowsapp.com.se tpc.googlesyndication.com
5	mc.yandex.com	2 redirects windowsapp.com.se
4	px.adhigh.net	4 redirects
4	match.adsrvr.org	2 redirects windowsapp.com.se 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
4	secure-assets.rubiconproject.com	4 redirects
4	www.googletagservices.com	windowsapp.com.se 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
3	biddr.brealtime.com	stpd.cloud
3	acdn.adnxs.com	stpd.cloud
3	u.openx.net	stpd.cloud
3	node.setupad.com	windowsapp.com.se
3	cs.emxdgt.com	stpd.cloud
3	rtb.openx.net	windowsapp.com.se stpd.cloud
3	aax-eu.amazon-adsystem.com	2 redirects
3	s.amazon-adsystem.com	2 redirects
3	token.rubiconproject.com	3 redirects
3	adservice.google.com	securepubads.g.doubleclick.net
3	adservice.google.de	securepubads.g.doubleclick.net
3	pixel-eu.rubiconproject.com	eus.rubiconproject.com onetag-sys.com
3	cm.adform.net	windowsapp.com.se stpd.cloud
3	fastlane.rubiconproject.com	stpd.cloud
3	prebid.a-mo.net	stpd.cloud
3	prg.smartadserver.com	stpd.cloud
3	bidder.criteo.com	stpd.cloud
3	rtb.adxpremium.services	stpd.cloud
3	mp.4dex.io	stpd.cloud
3	setupad-d.openx.net	stpd.cloud
3	hb.emxdgt.com	stpd.cloud
3	prebid-eu.creativecdn.com	stpd.cloud
3	stpd.cloud	windowsapp.com.se
3	pubads.g.doubleclick.net	windowsapp.com.se
3	fonts.gstatic.com	windowsapp.com.se fonts.googleapis.com
2	an.yandex.ru	1 redirects
2	a.sportradarserving.com	2 redirects
2	pixel.advertising.com	1 redirects onetag-sys.com
2	dmp.adform.net	2 redirects
2	www.tns-counter.ru	1 redirects
2	x01.aidata.io	2 redirects
2	sync3.adsniper.ru	2 redirects
2	image6.pubmatic.com	2 redirects
2	b1sync.zemanta.com	2 redirects
2	googleads4.g.doubleclick.net	windowsapp.com.se
2	googleads.g.doubleclick.net	8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com windowsapp.com.se
2	fonts.googleapis.com	securepubads.g.doubleclick.net
2	8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	id.rlcdn.com	windowsapp.com.se onetag-sys.com
2	mc.yandex.ru	1 redirects windowsapp.com.se
2	is1-ssl.mzstatic.com	windowsapp.com.se
2	is4-ssl.mzstatic.com	windowsapp.com.se
2	appfurpc.com.de	windowsapp.com.se
1	t.adx.opera.com
1	ups.analytics.yahoo.com	1 redirects
1	image8.pubmatic.com	onetag-sys.com
1	ssbsync-global.smartadserver.com	onetag-sys.com
1	sync.mathtag.com	1 redirects
1	inv-nets.admixer.net
1	sync3.sniperlog.ru
1	cache.betweendigital.com	ads.betweendigital.com
1	sync.dmp.otm-r.com	ads.betweendigital.com
1	dsp.adkernel.com	8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
1	s.tribalfusion.com	8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	cms.quantserve.com	8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
1	9b243a4d68ee26bf9e4493add40fff07.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	ads.yahoo.com	windowsapp.com.se
1	pr-bh.ybp.yahoo.com	1 redirects
1	0404086322d7c381fb85903e1b35d32d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	id5-sync.com	stpd.cloud
1	is3-ssl.mzstatic.com	windowsapp.com.se
1	ajax.googleapis.com	windowsapp.com.se
1	cdn.jsdelivr.net	windowsapp.com.se
310	91

This site contains links to these domains. Also see Links.

Domain
www.hogia.se
dl.windowsden.uk
m.apkpure.com
is4-ssl.mzstatic.com
www.bignox.com
bluestacks.com
apps.apple.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-02-18` - `2023-02-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
appfurpc.com.de R3	`2022-02-03` - `2022-05-04`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
itunes.apple.com Apple Public EV Server RSA CA 2 - G1	`2021-06-22` - `2022-07-22`	a year	crt.sh
mc.yandex.ru Yandex CA	`2021-12-22` - `2022-06-03`	5 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
*.emxdgt.com Amazon	`2021-07-02` - `2022-07-31`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2021-08-05` - `2022-09-05`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.a-mo.net R3	`2022-02-18` - `2022-05-19`	3 months	crt.sh
*.ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-05-28` - `2022-06-15`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-28` - `2022-05-23`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
node.setupad.com R3	`2022-03-02` - `2022-05-31`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G2	`2021-12-30` - `2023-01-31`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-12-10` - `2022-12-09`	a year	crt.sh
*.brealtime.com Go Daddy Secure Certificate Authority - G2	`2022-01-21` - `2023-02-22`	a year	crt.sh
sync.dmp.otm-r.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-18` - `2022-06-18`	a year	crt.sh
cache.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2022-01-24` - `2023-02-24`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.adx.opera.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-14` - `2022-06-10`	a year	crt.sh

This page contains 46 frames:

Primary Page: https://windowsapp.com.se/1058455218/hogia-mypayslip
Frame ID: CAC47C440BFAFC2A85CF370AA1D65128
Requests: 30 HTTP requests in this frame

Frame: https://stpd.cloud/assets/postbid/stpd220112.js
Frame ID: 1CC55A5EF7D4A64A49A44BC2C4336179
Requests: 34 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Frame ID: F2B5A65CBF1354F5962D34558C7DCD09
Requests: 11 HTTP requests in this frame

Frame: https://stpd.cloud/assets/postbid/stpd220112.js
Frame ID: 2D0E56D400BD48C1719DF9F1613A3B18
Requests: 33 HTTP requests in this frame

Frame: https://stpd.cloud/assets/postbid/stpd220112.js
Frame ID: 4331021831C47301B5DFC969D9FBE9F2
Requests: 33 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Frame ID: 2C016DDAA170F7A406014575FA1BC59D
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Frame ID: 27F0533EE38E51A930C6E677570780FD
Requests: 2 HTTP requests in this frame

Frame: https://0404086322d7c381fb85903e1b35d32d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 72144F21FB0BC854584801EAA11FC736
Requests: 1 HTTP requests in this frame

Frame: https://9b243a4d68ee26bf9e4493add40fff07.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: E7050A5488460BDC464805CF07837F01
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Frame ID: 8B34B84A1E05CC1102C65F03EEB8B5D5
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Frame ID: BD01043D3276AFE6AA37EAF6264E45C2
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Frame ID: 3445039573FC011D8BAF81A5E3D5B45E
Requests: 1 HTTP requests in this frame

Frame: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 5446A360CA7B25927D9D1775B638FAC2
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs
Frame ID: D99903C7BD0AC2441DFCB2DD942A09E2
Requests: 15 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs
Frame ID: 0AAB89C2BEE370188043AD11D67CD7DA
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EE6C85848038F823241818DB8780A283
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FCF7A512528357167DBC4F4A08611BC2
Requests: 2 HTTP requests in this frame

Frame: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 941851F7143DD7D5C810640731F2F464
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BD68533C77760838A05CEDC0DBB17FD7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 7D6A2290E6EA67CF7DD0070699FD88B4
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 51D445FCE6B010F262700A17C3EF7FB9
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 61DAC3AF48126951E5311B75B132442A
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGM6EtMQBMAE&v=APEucNWk0AMbzNWI42ZBIlzxNrNIZJAEOYd_DPkHhsTAIu-akE9-3kWx220OTm2-MfU-G7F6o8wlmW-AEZFDv8htiEC4puOn8TXXS5Nf3L-dIVE_V9MuqTRjRgY3qrvW-EtX9gMCtTCQboVXtji51fIB5fN2DgOW5Kfm-I8es_gn4HvC9w5jciX7mwisZrunvw5eZfSnTR4dI-HaUiw-cIrcDWBPsaaTkQ
Frame ID: 72AF859726AF94AAFCAE5A22E714A2E1
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 94547EBC3321DB6A154D55D34A7A2CA6
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
Frame ID: 4C4E2E4782E807080F1DA561D68310C5
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: AFC8CD4F67B50D827F05D0220572308C
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js
Frame ID: 9BD9EFD58E7DBB3A5B446CCFAE5AEDD1
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=windowsapp.com.se
Frame ID: 14E92AAAD1062368A3B91FE4E85D7875
Requests: 2 HTTP requests in this frame

Frame: https://ads.betweendigital.com/sspmatch-iframe
Frame ID: EC4B2F0B801FC9457B2AC4639E1E0D44
Requests: 5 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: DAA3E4D3A3B23C84523D8F5DF03080B9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 46BAE058C44660BA01BE08384F6E7259
Requests: 3 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: E0B0E39CBCFA97D6B50536421ABE3704
Requests: 2 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 03F61E4E69DEFE7EC7C81B50D746CBC3
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: E659C86810A57F20E1444EC812307145
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: F9D49A9F0A60A045B552063C1F872F87
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 33590A1D49089E51E4F7241954888A85
Requests: 1 HTTP requests in this frame

Frame: https://ads.betweendigital.com/sspmatch-iframe
Frame ID: 08BBE8E26BCE41B2E0D3826BC8E96B9E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E4B55636AF4814E74A13D69DEB1E37AB
Requests: 3 HTTP requests in this frame

Frame: https://ads.betweendigital.com/sspmatch-iframe
Frame ID: 9474D4DA951A2C08C3586533E62BB9FA
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 0F98EDFEB72B14F83494A7FC7ECDBB61
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 8CC4B796C0EC77186F365B83A7879A8A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: E1514D089A890CE00B03BEC57BFFBC6D
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 9476378A38C1536CA701BF58D2C504A5
Requests: 3 HTTP requests in this frame

Frame: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=92ada6ab-67c0-524b-b7ce-5790d5ffaeef&CACHEBUSTER=142150
Frame ID: 05B5479A202D2D10A8B6284A85A1B478
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Frame ID: 551FC2840A2D8C25DFA62D652F904CC0
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Frame ID: 07768807B09C9B9BAA5EC49CF499678F
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ladda ner Hogia MyPayslip på datorn gratis - Windows PC och Mac (Svenska)

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Material Design Lite (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/material(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Yandex.Direct (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://an\.yandex\.ru/

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

310
Requests

86 %
HTTPS

38 %
IPv6

57
Domains

91
Subdomains

70
IPs

13
Countries

2671 kB
Transfer

7080 kB
Size

73
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hogia.se/affarssystem/star/mypayslip
Title: Hogia Business Products AB

Search URL Search Domain Scan URL

URL: https://dl.windowsden.uk/se/1058455218
Title: Ladda ner ⇩

Search URL Search Domain Scan URL

URL: https://m.apkpure.com/search?q=Hogia%20MyPayslip
Title: Ladda ner Apk

Search URL Search Domain Scan URL

URL: https://is4-ssl.mzstatic.com/image/thumb/PurpleSource125/v4/87/74/97/87749798-7579-95b1-bea6-42e5dd83b207/29664357-1278-4c4d-90e5-6b642a810954_iPhone_8_Plus.png/392x696bb.png

Search URL Search Domain Scan URL

URL: https://www.bignox.com/sv/download/fullPackage
Title: Nox-app

Search URL Search Domain Scan URL

URL: https://bluestacks.com/
Title: Bluestacks

Search URL Search Domain Scan URL

URL: https://apps.apple.com/se/app/hogia-mypayslip/id1058455218?uo=4&at=1058455218
Title: Gratis På iTunes ↲

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=T-NRrHxxNTNndS9Vb1JkeXhTbUdHNGZxZ3VSWFpuWGUzeXhNQm80alZXL1U3QnhiclhnWFBManV0bUZwT2dXd2tsSGx2b3EvVkhrcnY1LzRseTdTd25lRllTN3dJbXhBdkZUSS8yaEw2ZDNtcjNDdTR2dSt1ZjVxTm1iSlB0MCtiSS9HMjhhOXJTeERoeEVLZ0N0U3l6d251bllSeXcyajhsUU5zZ1BYNmIwYTdyK2RWTDNnekplb1l2V29YMFNEeVA1S3ZNTjdabzNJWTFXbEx6UUJtOHRrTHI5TTBmTVYvTGxhZitmRXhDa2NrQnM4REx1MUZ6aDIwdXorK0JUUXJLWFZmfA&cppv=2

Request Chain 32

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

Request Chain 34

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9579.b3Y8m2ZHIRINrkSOWVTpsze6mC-U6f4Ry-2a95xYoheefj2GZIqc8HRd1sFroquZ.NiiZHEZN9Jtcy6wHXnQ3i_mAi4M%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9579.Tzysg3OW7mciijH8Easn93czbixEAYHVbCTb4aZayoxEXc5TZ8NQjnPDY1Ripg9Z-XvU_4A2M9GGccQEaIEGdg%2C%2C.7JmCEe1Fcv6Dpxtv_70DUmx6dJg%2C

Request Chain 55

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=lNRk2nxROWxMOGtXbGgrNElDK1hqdDZDVzByOFh4M1JTQUN3NzdvRzdULzZDMmM3SkhPT2hNUkUvY3UrK3grRHQ2QWFUbXpKTldpOGNWRS9OZkY1TnFiOWdkTGhHUTlJZlZHenYyNFlEYTJPTGVYTlFTdkU3dHBuM1ZHMFlLNXZQZW9iMkFGeHJYNGw2S2xweTlFbE9jQllnZ09DRFpwTG14UFRZYXlLVHo2Q0daSHZya2o3czJhM1FxTUtySVRyOGVibHhLWUQrNFJsa1BtWU5hMk5Ybm8zTlVxM2JYajM2Znh0M2xJVTFZRTlNWnVxNkV2VlhXWjREd2twU2R6SDc3UU5tfA&cppv=2

Request Chain 57

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

Request Chain 62

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=lZEOD3xrUHNPQ01uRlNvaE92UGNFcHU4QkFrbks2Q2JRVkZTcCszRFh4aWhOb2FSVi9XSWRHTWpGUDVtOVFiVEZReTdMbnI5ZmQ5RzVzTFd2clRnaHIwclBMdE8xL2NreWZFaHcxMC9URDc1VDJoYzNLME54WVpDdkpKWFNYby9NSDFLY0RVYkVTUldoS3JidlhWZ0g1eU1oRUhTSXBSN2xrcWUzNVg3QmhKSW8reHNFK1U0MDhLWjRWTHlSSzlNQjM4M29pRWlmSXJLc0tkRTQrQzRnYWhPOHl3RTBSSE5YeWhBcThhQi9xVlBQNVBsRHV0ZVh3V2EySEYvTDM5cncyNlRUfA&cppv=2

Request Chain 64

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

Request Chain 103

https://mc.yandex.com/watch/49116760?wmode=7&page-url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A7oivoclvhnsftt6hmgv%3Afp%3A629%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A115022334916%3Ahid%3A119425449%3Az%3A0%3Ai%3A20220316145143%3Aet%3A1647442303%3Ac%3A1%3Arn%3A554076869%3Arqn%3A1%3Au%3A1647442303144902750%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1647442302282%3Ads%3A28%2C19%2C413%2C1%2C0%2C0%2C%2C242%2C4%2C%2C%2C%2C704%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1647442303%3At%3ALadda%20ner%20Hogia%20MyPayslip%20p%C3%A5%20datorn%20gratis%20-%20Windows%20PC%20och%20Mac%20(Svenska)&t=gdpr(14)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/49116760/1?wmode=7&page-url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A7oivoclvhnsftt6hmgv%3Afp%3A629%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A115022334916%3Ahid%3A119425449%3Az%3A0%3Ai%3A20220316145143%3Aet%3A1647442303%3Ac%3A1%3Arn%3A554076869%3Arqn%3A1%3Au%3A1647442303144902750%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1647442302282%3Ads%3A28%2C19%2C413%2C1%2C0%2C0%2C%2C242%2C4%2C%2C%2C%2C704%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1647442303%3At%3ALadda%20ner%20Hogia%20MyPayslip%20p%C3%A5%20datorn%20gratis%20-%20Windows%20PC%20och%20Mac%20%28Svenska%29&t=gdpr%2814%29aw%281%29ti%282%29

Request Chain 109

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fprebid-stag.setupad.net%252Fsetuid%253Fbidder%253Dadnxs%2526gdpr%253D1%2526gdpr_consent%253D%2526uid%253D%2524UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631

Request Chain 113

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631

Request Chain 118

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631

Request Chain 119

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBUT00wV0QtNy1BMUtX

Request Chain 120

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/MfNi2GRcM1_sD211VpP4kQ?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=2779659342229516082

Request Chain 121

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L0TOM0WD-7-A1KW&sigv=1&esig=2~64941dbdd95dcc8ed27406faf5ec2da583258b98

Request Chain 122

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=REB-GMhOQOyc_Oky7_F9kw&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=REB-GMhOQOyc_Oky7_F9kw

Request Chain 124

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESED4nIl18kl1iaSYxnf-wZCU&google_cver=1

Request Chain 125

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=qCI2s0esTNeXxAbZ2VQeLg&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=qCI2s0esTNeXxAbZ2VQeLg

Request Chain 198

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1&C=1

Request Chain 199

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjH5gI5pKkeYcLYdEw0IoQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1

Request Chain 200

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDiJMv_Q4IYksCwXhKZCDo0&google_cver=1

Request Chain 201

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxNDcyNDkyMTYwODczNzYzMQ%3D%3D

Request Chain 231

https://a.tribalfusion.com/i.match?p=b6&u=CAESEE26x12YxsddZdEOIQLNRSU&google_cver=1&google_push=AYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEE26x12YxsddZdEOIQLNRSU&google_cver=1&google_push=AYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 233

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEONOOUtSm2IKjuSNrvqCEOk&google_cver=1&google_push=AYg5qPJjd2OVz7tcK4TpppGbGOftQj0sNkGvC5lm_zKPWk6_SgjXyNYEIN7q83u0qSpMUorGExfl_dnG2ORMa17ciwCgTJ0MhXHt HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEONOOUtSm2IKjuSNrvqCEOk&google_push=AYg5qPJjd2OVz7tcK4TpppGbGOftQj0sNkGvC5lm_zKPWk6_SgjXyNYEIN7q83u0qSpMUorGExfl_dnG2ORMa17ciwCgTJ0MhXHt&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJjd2OVz7tcK4TpppGbGOftQj0sNkGvC5lm_zKPWk6_SgjXyNYEIN7q83u0qSpMUorGExfl_dnG2ORMa17ciwCgTJ0MhXHt&google_hm=SGdyUXEwbThPNVJfSVphZXZadEY=

Request Chain 234

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHSxtRgZxdyEEDveEzNoA-c&google_cver=1&google_push=AYg5qPJgsWCLMzJTiq4uw-_y6NvJcZR_Xa4DPbQGPTIrhvfzMQVxP_7L8JR0qGolx2kY7F8NwctzHP-q6fBr3YUej14zT1AIect6 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHSxtRgZxdyEEDveEzNoA-c&google_cver=1&google_push=AYg5qPJgsWCLMzJTiq4uw-_y6NvJcZR_Xa4DPbQGPTIrhvfzMQVxP_7L8JR0qGolx2kY7F8NwctzHP-q6fBr3YUej14zT1AIect6&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=w0VfD5qbRSmWO8zZYKmtRw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJgsWCLMzJTiq4uw-_y6NvJcZR_Xa4DPbQGPTIrhvfzMQVxP_7L8JR0qGolx2kY7F8NwctzHP-q6fBr3YUej14zT1AIect6

Request Chain 236

https://match.360yield.com/match/ebda?google_gid=CAESEJsz-kQ6vDqWXqydo3YcBIM&google_cver=1&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEJsz-kQ6vDqWXqydo3YcBIM&google_cver=1&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t

Request Chain 266

https://x.bidswitch.net/sync?ssp=between HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=between HTTP 302
https://px.adhigh.net/p/cm/bsw?u=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&bidswitch_ssp_id=between HTTP 302
https://px.adhigh.net/p/cm/bsw?u=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&bidswitch_ssp_id=between&bounced=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=9&user_id=ugi5yZbHbmET.AikABlF_kzapVA&expires=30&ssp=between HTTP 302
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf

Request Chain 267

https://px.adhigh.net/p/cm/btw HTTP 302
https://px.adhigh.net/p/cm/btw?bounced=1 HTTP 302
https://ads.betweendigital.com/match?bidder_id=37&external_user_id=ugi5yZbHbmET.AikABlF_kzapVA

Request Chain 269

https://sync.bumlam.com/?src=bw1&uid=92ada6ab-67c0-524b-b7ce-5790d5ffaeef HTTP 302
https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABiD88eRBlIFvp7KygpiJDkyYWRhNmFiLTY3YzAtNTI0Yi1iN2NlLTU3OTBkNWZmYWVlZg** HTTP 302
https://sync3.adsniper.ru/?src=ss1&s_data=CAIQARiD88eRBlIFvp7KygpiJDkyYWRhNmFiLTY3YzAtNTI0Yi1iN2NlLTU3OTBkNWZmYWVlZqIBEJqtApSlOBHshuAAJZDAZHw* HTTP 302
https://sync.bumlam.com/?src=bw1&s_data=CAIQABiD88eRBmIkOTJhZGE2YWItNjdjMC01MjRiLWI3Y2UtNTc5MGQ1ZmZhZWVmogEQmq0ClKU4EeyG4AAlkMBkfA** HTTP 302
https://sync.bumlam.com/?src=bw1&s_data=CAIQARiD88eRBmIkOTJhZGE2YWItNjdjMC01MjRiLWI3Y2UtNTc5MGQ1ZmZhZWVmogEQmq0ClKU4EeyG4AAlkMBkfA** HTTP 302
https://ads.betweendigital.com/match?bidder_id=18&external_user_id=9aad0294-a538-11ec-86e0-002590c0647c

Request Chain 270

https://gum.criteo.com/sid/json?origin=publishertag&domain=windowsapp.com.se&sn=ChromeSyncframe&so=3&topUrl=windowsapp.com.se&bundle=ts_-a19ZblNTTVNCMyUyQlElMkJiaWJxY2hROUdUTWclMkZtZ3ROJTJCU0hrZElWbUNXSzg4VFF2QWE0ZERuRmdmN2pieHZVc1BrZ25OTjBNRnJkQ0JNbmt2Um8wR2JTd2g0a1FOaCUyQiUyQjA5eGtpN2hSbiUyRmJDOGdZNHclMkZYN2UzcDAyMHpxekVYM2FTQmM&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=T2_3-3xqdzZuSjJrMzNXUHRicHM5bVRoRlNOZ3FGdDJIWUZab3plQTA0ZG1Ub29yNkg4RUpFSStHQnJyWU41M3lOdzU0N3ZFTDUxcHhiTDZSem5BaUFiZGpDRmU0RjU0UXlLamVCR0I1ZXNBRnJZejFrM3FrYjhPbC96ZTZ3RFV4S2t1QVF2QmhBMTR4MXBXdXpsUGlXaXRkUDZuSHdKQ3hZcG5HaTcyU3JreEJGY1k1TFRaVTFucllYN1hreHpLQTFxVk9PdG9BUEs0M0ZFWGppYi9VVVI4cSszekhZMHZIdEdPV3RLcFRaQnFDbFhINm9EMWxZVlpSaEsveGpCR3NVSlJ2czh3eWNjNUtueEdWc3J3VjNNVjR5QzcrYllDdjFLY3h5LzYzNXNtaXhUVT18&cppv=2

Request Chain 286

https://x.bidswitch.net/sync?ssp=between HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dbetween%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D%26gdpr_consent%3D HTTP 302
https://x.bidswitch.net/sync?dsp_id=429&user_id=92ada6ab-67c0-524b-b7ce-5790d5ffaeef&ssp=between&expires=30&user_group=1&gdpr=&gdpr_consent= HTTP 302
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf

Request Chain 287

https://sync.bumlam.com/?src=aid0 HTTP 302
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=9aad0294-a538-11ec-86e0-002590c0647c HTTP 302
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=9aad0294-a538-11ec-86e0-002590c0647c&bounce=1 HTTP 302
https://sync.bumlam.com/?src=aid1&uid=5abAQH5JazaO%2FPCnwrIpjA& HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_cm&extra1=5abAQH5JazaO/PCnwrIpjA&extra2=aidata HTTP 302
https://sync3.sniperlog.ru/?src=ggl&extra1=5abAQH5JazaO/PCnwrIpjA&extra2=aidata&google_gid=CAESEEG98zZxwnSFr-gcWTB390s&google_cver=1

Request Chain 288

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=btwnex&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu

Request Chain 291

https://www.tns-counter.ru/V13a****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/142150 HTTP 302
https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/142150

Request Chain 295

https://x.bidswitch.net/sync?dsp_id=429&user_id=92ada6ab-67c0-524b-b7ce-5790d5ffaeef&expires=60 HTTP 302
https://inv-nets.admixer.net/bs/cm.aspx?id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&gdpr=&consent=&gdpr_pd=

Request Chain 297

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/d1d26231-f984-4500-aba7-6a7aec66113b

Request Chain 299

https://dmp.adform.net/serving/cookie/match?party=1167&cid=UEgv7yy6BqDgXVJqV_hFbbIGYLB_Gblb8-iXmVF6zqs HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=UEgv7yy6BqDgXVJqV_hFbbIGYLB_Gblb8-iXmVF6zqs HTTP 302
https://onetag-sys.com/sync/i,34/2424032671312533712

Request Chain 300

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID HTTP 302
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=4214724921608737631

Request Chain 302

https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true&verify=true

Request Chain 303

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABf5M2rXCbBddd6AAMmB8AUzXpPwyD-Mp8sQ

Request Chain 307

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm HTTP 302
https://onetag-sys.com/match/?int_id=106&google_gid=CAESECarEQ_KNt9OvOgee6VtL28&google_cver=1

Request Chain 308

https://ups.analytics.yahoo.com/ups/58488/occ HTTP 302
https://onetag-sys.com/match/?int_id=92&uid=y-1aifE.VE2uGGCUZrt23A.nDVzMDvj0S4fzEvGTE-~A

Request Chain 309

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=c74816a9-08ef-4069-947b-eb7a0acbc4ca&ttl=1650034308

Request Chain 310

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=59a97357-7a62-467a-9b35-dba62d5ea010&ssp=onetag HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&gdpr=&gdpr_consent=&us_privacy=

Request Chain 312

https://ads.betweendigital.com/match?bidder_id=43554&callback_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbetweendigitalis%2F92ada6ab-67c0-524b-b7ce-5790d5ffaeef HTTP 302
https://an.yandex.ru/mapuid/betweendigitalis/92ada6ab-67c0-524b-b7ce-5790d5ffaeef HTTP 302
https://an.yandex.ru/mapuid/betweendigitalis/92ada6ab-67c0-524b-b7ce-5790d5ffaeef?redir-setuniq=1

310 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request hogia-mypayslip Show response
windowsapp.com.se/1058455218/ 47 KB
11 KB 460ms
413ms Document
text/html 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d53079596a387796deaec74abe239cb3947132cfd04df2a787c183c2f994de

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
cf-cache-status: BYPASS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TsZn0SBqeC9cJ4dFN3qzndXlYAVvDeVjODezVc8Mi1ms%2Fq7M53FcibhiN0hYCA%2FnE%2FE73ryx5EwTSB1zZzeTBjX2DYxBW7NUNGg0VqC8LDgW7xoUVD%2FW27VmAS24ug44dBEg3hZEt2LQgdEQ1bUPaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6ece4ef59a3c92a5-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.fancybox.css
windowsapp.com.se/public/fancybox/source/ 5 KB
2 KB 18ms
17ms Stylesheet
text/css 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/fancybox/source/jquery.fancybox.css?v=2.1.5
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 968a8e56e4adaf8c135199ebd7f6cc065424ca45974d4dfbeb5607e69fe72fcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 779457
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-131f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZBEa5U3KhfariipviJsJKOxqJGl7KHsUYPMbGYdALpKkie00VjVRNBItlcn%2Fb%2FaDwpBlqZXp59VxVzITUmALzUmkx3wPcZp26eDy0rGXckQnBryjqt%2Bs%2Fk5adc4Wb4ZkfN%2Fe8%2F6jb4tr8GqXV5THA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31104000
cf-ray: 6ece4ef84f6492a5-FRA
expires: Thu, 02 Mar 2023 14:20:45 GMT

GET
H2 200 in-view.min.js Show response
cdn.jsdelivr.net/npm/in-view@0.6.1/dist/ 5 KB
3 KB 38ms
19ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/in-view@0.6.1/dist/in-view.min.js

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba92f31903d0ed43a15811c0506b1c357fa04ff643140a3c0e162dfc66cd37eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 148304
x-jsd-version: 0.6.1
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19149-FRA
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"14be-WmlQIO/ElIG9SfA/X8UgGV8u+ls"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6ece4ef868b592c5-FRA

GET
H2 200 style.css
windowsapp.com.se/public/material/css/ 227 KB
34 KB 21ms
21ms Stylesheet
text/css 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/material/css/style.css
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d9ee5b0568153374301fd4320464c2f7b1a34402b379aebe17d4ad5ec066e0c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 779457
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 13:15:30 GMT
server: cloudflare
etag: W/"5f68a772-38be2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nhraD%2BmMdU7zNFsSd9rdhO2NTS%2FO28hyHkztY%2FLcHYrR9mLSbHmDME3amf%2FkeYo5LPxz3zbdWu%2BAlkBpsj9OR6Ywp0MyVPjUTgAbe9M6YZAJhzT0xiSDWdBrITHPZrAGdxcBZeCfnf%2BUBPNC4GRAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31104000
cf-ray: 6ece4ef84f6592a5-FRA
expires: Thu, 02 Mar 2023 14:20:45 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
96 KB 51ms
8ms Script
text/javascript 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 02:17:43 GMT
x-content-type-options: nosniff
age: 131639
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97163
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Mar 2023 02:17:43 GMT

GET
H3 200 loading.svg
windowsapp.com.se/public/images/ 696 B
960 B 16ms
15ms Image
image/svg+xml 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windowsapp.com.se/public/images/loading.svg
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1844de70f8a19e1bb882b6f7a1161affa42ebe90640ab3415b44819251de0843

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-2b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6F4dnHiOxme9xWflpbZcvfAXPHHMxMsvnPaYTMme5jWp4dINHKeSz4eYt%2FOh2kj6bALY7f895p2ox9MYAPpZhWXHg7L0CZQANMHtITs2xf9BOvqVr9j2WM868baZQSnJVkElRUipiOYSyPO4TB0ygQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=31104000
cf-ray: 6ece4ef8de999bd0-FRA
expires: Thu, 02 Mar 2023 11:36:54 GMT

GET
H3 200 bigstar-rating.js Show response
windowsapp.com.se/public/js/ 550 B
932 B 17ms
17ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/js/bigstar-rating.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0828ff138959647667235067a0290defa35f9000217b30ce6a5b21c1cfc61ef3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789289
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-226"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bB%2BOadC23rqPd0dW9f09ru00v2IlDQKYFiKi8Rey9WuXDT4ziGvx3LdapQJc0RQAvE9EpYZCh%2B3OES4buoCoAWXH6sm9KGTz%2F0a3vL5mhQkpMu5L0Y05BgrMLIzLW2pGL2TysNP7%2Fl1rBKn1KG8U8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef88dfb9bd0-FRA
expires: Thu, 02 Mar 2023 11:36:53 GMT

GET
H3 200 star-rating.js Show response
windowsapp.com.se/public/js/ 602 B
907 B 15ms
15ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/js/star-rating.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e2651c08f7fa61aa39c3ffea1803795a9da8e14f04f9a53abe127af4eaeceef9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-25a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N3AjW4lHHnvxPkVFxTqWKXNSvFmej5WaxUxOHQOsc0%2BLIsrW%2Fi5aIeF6zwem6j%2FY2HTPxrntA%2BtOxz39zdkhAkAf7ta8tWEwoC047S67ukiDs7sQiNhZ%2FHG8eNGFehb2JKkfBpxibPRKAreO2R1Qfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef8ae319bd0-FRA
expires: Thu, 02 Mar 2023 11:36:53 GMT

GET
H3 200 jquery.mousewheel-3.0.6.pack.js Show response
windowsapp.com.se/public/fancybox/lib/ 1 KB
1 KB 14ms
14ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/fancybox/lib/jquery.mousewheel-3.0.6.pack.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 687be205607d7985c36d90cacc8d60ef919a61bfc72c630cda50e90467b75879

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-568"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=az7Kg9%2F1qa7ZcWARK8WDjzXKTxrL8dhbgEa4DpDrtYwSnF7%2BM5WmrMZLzJbtfEsCjlUvvleRtNxbL3psok3HAaR3IVpAAr93QKvaSAQGWjkZ3y0wrU6qdAjsJFKHP%2B8V6b4uiQ99UHG9qFebhqWJvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef8be679bd0-FRA
expires: Thu, 02 Mar 2023 11:36:54 GMT

GET
H3 200 jquery.fancybox.pack.js Show response
windowsapp.com.se/public/fancybox/source/ 23 KB
9 KB 23ms
22ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/fancybox/source/jquery.fancybox.pack.js?v=2.1.5
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 781791
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-5a5f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B2Pz1fXRXyd5U8OwkopRGyU1kHQ1zXB9f8x5etMb9jSx9xJRn%2FG4LzHcdD%2FRSgAAHug4cJNC%2FU9PU%2F5Hdtx%2FaMJ7pVckhcovpbpBfTaemwy%2F94qiIuA1mebNN%2FnDKgBCxLve9EkUDiHDhDfMenoljw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef8de909bd0-FRA
expires: Thu, 02 Mar 2023 13:41:51 GMT

GET
H3 200 imglazyload.js Show response
windowsapp.com.se/public/js/ 2 KB
2 KB 24ms
23ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/js/imglazyload.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d6ef3fd5623ae5008fa3c70b222291c40e4dcfa493ea5d4ce2b066e0788b1edc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-867"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LMyhUNXlZj0bgGLRodcIpapwQr32iJAu%2Fu52PTwlBA1XhGYJrYLFI017pZcHgx9Epkld3QyrMNGlbPF2ABvMMVsF8LjaFZLqGU%2FWx34CC7SZlmxdRg4VJc7oqzryx9Wbp240RiDV9ruE1TRIpEEk9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef8de929bd0-FRA
expires: Thu, 02 Mar 2023 11:36:54 GMT

GET
H3 200 bootstrap.min.js Show response
windowsapp.com.se/public/material/js/ 36 KB
11 KB 18ms
16ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/material/js/bootstrap.min.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-9004"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1IULVVwmPGKp%2FyXsaJHdD%2FDtyXYCzrhypZBL7Wd7Ygj3h90DoyqOwidm4c%2FhrD8FRPWDam0STBxfzJDcaDUiTkXaIqTYfb3wek8K2Nny%2By5%2Fj3QCn%2BdH0vWGZULmJTSolNnxVG4YBT6qiA84VflPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef8de949bd0-FRA
expires: Thu, 02 Mar 2023 11:36:54 GMT

GET
H3 200 ripples.min.js Show response
windowsapp.com.se/public/material/js/ 3 KB
2 KB 15ms
14ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/material/js/ripples.min.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d8fc43bffbe520fcff9f4818daaa59adba984204ac253fb4ce9d2f921a737c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-af9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KDnYEwxF72gLUVZ%2BiVJhyqUNTqismhFaAANr1DQHqlQXVCSi%2BoUib7JHpPsXFcqg%2FWN0svuHn9nibrMfxQljQRGgmtrrjxs1Qyz4tP4QVAjcGYSN41j4YK7PAw08tzIhBJbvHitQ9XA3buJEFjl2aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef8de959bd0-FRA
expires: Thu, 02 Mar 2023 11:36:54 GMT

GET
H3 200 material.min.js Show response
windowsapp.com.se/public/material/js/ 5 KB
2 KB 16ms
15ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/material/js/material.min.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a2770268fb74d2f9c0463b4b836e2764c553e1ad4e914ae2bc1c31a9230ab78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-152e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9SdAT3DS3LWFwiECdPOvJ0FRnIJwY4YesxGqfjbieNjzYZ8nsgHZM0TsbJTxOXZb%2BCGpjYAz88Ozs2v2BH2cuwICXBmDubtV7I0LbCQTGdCBUGSiM4ortvqDhpYU1W7OnFyLOE%2BH12GWzL%2Bx9yXfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef8de979bd0-FRA
expires: Thu, 02 Mar 2023 11:36:54 GMT

GET
H3 200 jquery.dropdown.js Show response
windowsapp.com.se/public/material/js/ 12 KB
4 KB 25ms
24ms Script
application/javascript 2606:4700:3030::6815:2a91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://windowsapp.com.se/public/material/js/jquery.dropdown.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3030::6815:2a91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86f7523fd3bff5a6464ace1e296b6e5c864b4a444d833b4decd992da40f658cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/1058455218/hogia-mypayslip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 789288
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 21 Sep 2020 11:21:08 GMT
server: cloudflare
etag: W/"5f688ca4-3056"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SaXLsZdra5jH1gmcrfxx2vPQeQtumclW9N2S6XOhRuFg4CsMTCyx5ldvv0sCHRBHNT%2Bcu5DN8ccNtsllaoZu%2B2EAaBOYMH1rqa15fTQAg9Kz4q9iAe2OwGxJf5oSCosTaYgktxbey%2F0gCi0TJLmVTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31104000
cf-ray: 6ece4ef8de989bd0-FRA
expires: Thu, 02 Mar 2023 11:36:54 GMT

GET
H/1.1 200
OK bigstars.png
appfurpc.com.de/public/images/ 823 B
1 KB 499ms
158ms Image
image/png 209.50.60.88
UPCLOUDUSA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://appfurpc.com.de/public/images/bigstars.png

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/public/material/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.50.60.88 Phoenix, United States, ASN25697 (UPCLOUDUSA, US),

Reverse DNS

209-50-60-88.us-sjo1.upcloud.host

Software

Apache /

Resource Hash

ac66ac722009b2924b2fc7b8d59b434342feb5f158046a3b4c639473bae9201c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Aug 2019 10:23:10 GMT
Server: Apache
ETag: "337-591530246a52a"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 823
X-XSS-Protection: 1; mode=block
Expires: Thu, 16 Mar 2023 14:51:43 GMT

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v41/ 54 KB
55 KB 38ms
14ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v41/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

978f46f059f8b7580f0ace9c2a00175c926cb91b1bb69d1b39d7fd3a9e8582ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://windowsapp.com.se/
Origin: https://windowsapp.com.se
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 18:59:54 GMT
x-content-type-options: nosniff
age: 71508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55208
x-xss-protection: 0
last-modified: Thu, 16 Aug 2018 20:54:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 15 Mar 2023 18:59:54 GMT

GET
H2 200 adx Show response
pubads.g.doubleclick.net/gampad/ 55 KB
14 KB 121ms
82ms XHR
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/adx?iu=/147246189,22384346533/windowsapp.com.se_980x300_responsive_1&sz=970x250%7C728x90%7C300x250&t=Placement_type%3Dserving&1647442302899

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

5870c19909e7a0d0277d4294f0bfd8d4adbaed3d61379092be412e5ad01816f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13082
x-xss-protection: 0
google-lineitem-id: 5926800160
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138384232262
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK stars.png
appfurpc.com.de/public/images/ 444 B
860 B 470ms
158ms Image
image/png 209.50.60.88
UPCLOUDUSA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://appfurpc.com.de/public/images/stars.png

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/public/material/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.50.60.88 Phoenix, United States, ASN25697 (UPCLOUDUSA, US),

Reverse DNS

209-50-60-88.us-sjo1.upcloud.host

Software

Apache /

Resource Hash

55d7c24fcedca5f2bb26dd9c3a34ecb431dd61161400da5478b50f190c49bbc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Aug 2019 10:23:10 GMT
Server: Apache
ETag: "1bc-591530246b4cb"
Vary: User-Agent
Content-Type: image/png
Cache-Control: public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 444
X-XSS-Protection: 1; mode=block
Expires: Thu, 16 Mar 2023 14:51:43 GMT

GET
H2 200 200x200bb.jpg
is3-ssl.mzstatic.com/image/thumb/Purple125/v4/88/5a/27/885a272e-1e6b-db17-9dad-cee91a486d49/source/ 10 KB
11 KB 190ms
22ms Image
image/jpeg 2a02:26f0:6c00:288::2a1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://is3-ssl.mzstatic.com/image/thumb/Purple125/v4/88/5a/27/885a272e-1e6b-db17-9dad-cee91a486d49/source/200x200bb.jpg

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:288::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

daiquiri/3.0.0 /

Resource Hash

e4c5e9c0d510a455ae0f1615a994f29fd924bba51050d05ed568d2c2a6287568

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-apple-jingle-correlation-key: IIM7CLD4D6NA3YC55XR3VNOG6U
strict-transport-security: max-age=31536000; includeSubDomains
etag: "MSwxLjE4LjItMjJBLDIwRTI0MSwxNjQzNjE4NzU3ODgxLGlzQnVpbGRWZXJzaW9uTm90U2V0LDcwNTM1LG5vRWZmZWN0"
x-b3-traceid: 4219f12c7c1f9a0de05dede3bab5c6f5
x-daiquiri-instance: daiquiri:43624002:st44p00it-hyhk15014701:7987:21RELEASE207:daiquiri-amp-processing-shared-int-001-st
x-apple-request-uuid: 4219f12c-7c1f-9a0d-e05d-ede3bab5c6f5
b3: 4219f12c7c1f9a0de05dede3bab5c6f5-e3be6a8eb796f158
content-length: 10643
server: daiquiri/3.0.0
x-cache: TCP_MISS from a2-16-186-188.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-tk: false
last-modified: Mon, 31 Jan 2022 08:45:57 GMT
x-cache-remote: TCP_MISS from a193-108-94-135.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-seq: 0.0
date: Wed, 16 Mar 2022 14:51:43 GMT
apple-originating-system: UnknownOriginatingSystem
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
cache-control: no-transform, max-age=12916636
x-b3-spanid: e3be6a8eb796f158
cdnuuid: 84701035-fdd4-4cd2-94c8-5c9b17b90a03-46479600

GET
H2 200 392x696bb.png
is4-ssl.mzstatic.com/image/thumb/PurpleSource125/v4/87/74/97/87749798-7579-95b1-bea6-42e5dd83b207/29664357-1278-4c4d-90e5-6b642a810954_iPhone_8_Plus.png/ 55 KB
56 KB 194ms
26ms Image
image/png 2a02:26f0:6c00:2b7::2a1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://is4-ssl.mzstatic.com/image/thumb/PurpleSource125/v4/87/74/97/87749798-7579-95b1-bea6-42e5dd83b207/29664357-1278-4c4d-90e5-6b642a810954_iPhone_8_Plus.png/392x696bb.png

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2b7::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

daiquiri/3.0.0 /

Resource Hash

23e8f7f6a12e07a3a097767ec61c968efcfe8195f10572feae2806b89be4203d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-apple-jingle-correlation-key: H66M6IEDXQ2OM4YRI7ZJD5UOSM
strict-transport-security: max-age=31536000; includeSubDomains
etag: "MSwxLjE5LTIyQiwyMEUyNDEsMTY0NDkzOTcwODA2NSxpc0J1aWxkVmVyc2lvbk5vdFNldCw1MDIwMCxub0VmZmVjdA=="
x-b3-traceid: 3fbccf2083bc34e6731147f291f68e93
x-daiquiri-instance: daiquiri:13624002:mr85p00it-hyhk03094901:7987:22RELEASE11:daiquiri-amp-processing-shared-int-001-mr
x-apple-request-uuid: 3fbccf20-83bc-34e6-7311-47f291f68e93
b3: 3fbccf2083bc34e6731147f291f68e93-f45f8e61099120a2
content-length: 55857
server: daiquiri/3.0.0
x-cache: TCP_MISS from a2-16-186-127.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-tk: false
last-modified: Tue, 15 Feb 2022 15:41:48 GMT
x-cache-remote: TCP_HIT from a193-108-94-133.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-seq: 0.0
date: Wed, 16 Mar 2022 14:51:43 GMT
apple-originating-system: UnknownOriginatingSystem
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
cache-control: no-transform, max-age=12163585
x-b3-spanid: f45f8e61099120a2
cdnuuid: 8e61501e-8790-49db-9474-9be68874f558-18068744

GET
H2 200 200x200bb.jpg
is1-ssl.mzstatic.com/image/thumb/Purple123/v4/74/8b/59/748b59f2-ac1a-9b21-c541-86fc5b8fc9be/source/ 8 KB
8 KB 186ms
18ms Image
image/jpeg 2a02:26f0:6c00:2ab::2a1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://is1-ssl.mzstatic.com/image/thumb/Purple123/v4/74/8b/59/748b59f2-ac1a-9b21-c541-86fc5b8fc9be/source/200x200bb.jpg

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2ab::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

daiquiri/3.0.0 /

Resource Hash

c2ca50b6340d3f0247e56806ab034615c5c1c5398870c95b0be83c0482fb10c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-apple-jingle-correlation-key: 5NM764N4YR5SUS7UH2TAD4JISQ
strict-transport-security: max-age=31536000; includeSubDomains
etag: "MSwxLjE3LjUtMjEwLDIwRTI0MSwxNjQxOTk3MDM2NzEwLGlzQnVpbGRWZXJzaW9uTm90U2V0LDcwMzg2LG5vRWZmZWN0"
x-b3-traceid: eb59ff71bcc47b2a4bf43ea601f12894
x-daiquiri-instance: daiquiri:43624002:st44p00it-hyhk15014701:7987:21RELEASE207:daiquiri-amp-processing-shared-int-001-st
x-apple-request-uuid: eb59ff71-bcc4-7b2a-4bf4-3ea601f12894
b3: eb59ff71bcc47b2a4bf43ea601f12894-4b0cac01d1a9bbd3
content-length: 7739
server: daiquiri/3.0.0
x-cache: TCP_MISS from a2-16-186-228.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-tk: false
last-modified: Wed, 12 Jan 2022 14:17:16 GMT
x-cache-remote: TCP_MISS from a2-20-143-180.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-seq: 0.0
date: Wed, 16 Mar 2022 14:51:43 GMT
apple-originating-system: UnknownOriginatingSystem
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
cache-control: no-transform, max-age=10684991
x-b3-spanid: 4b0cac01d1a9bbd3
cdnuuid: 4f9ba83d-479f-45bc-9a22-84573dc6014a-10521215

GET
H2 200 150x150bb.png
is4-ssl.mzstatic.com/image/thumb/Purple115/v4/c6/aa/02/c6aa022f-77a0-4492-eab3-c16591d614c0/AppIcon-0-0-1x_U007emarketing-0-0-0-7-0-0-sRGB-0-0-0-GLES2_U002c0-512MB-85-220-0-0.png/ 8 KB
9 KB 204ms
37ms Image
image/png 2a02:26f0:6c00:2b7::2a1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://is4-ssl.mzstatic.com/image/thumb/Purple115/v4/c6/aa/02/c6aa022f-77a0-4492-eab3-c16591d614c0/AppIcon-0-0-1x_U007emarketing-0-0-0-7-0-0-sRGB-0-0-0-GLES2_U002c0-512MB-85-220-0-0.png/150x150bb.png

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2b7::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

daiquiri/3.0.0 /

Resource Hash

1affb8f05c65e07d5d22f1ec86340e534b74fa7321ed4b2c8e7d7b1a697b40e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-apple-jingle-correlation-key: RQ4RQOQHXNTDHW523YGTIWOR24
strict-transport-security: max-age=31536000; includeSubDomains
etag: "MSwxLjE4LjItMjJBLDIwRTI0MSwxNjQzNjA5MDU1NjYwLGlzQnVpbGRWZXJzaW9uTm90U2V0LDYwMDQ3LG5vRWZmZWN0"
x-b3-traceid: 8c39183a07bb6633dbbade0d3459d1d7
x-daiquiri-instance: daiquiri:33624002:pv50p00it-hyhk12033901:7987:21RELEASE207:daiquiri-amp-processing-shared-int-001-pv
x-apple-request-uuid: 8c39183a-07bb-6633-dbba-de0d3459d1d7
b3: 8c39183a07bb6633dbbade0d3459d1d7-e9a6e1a693c73a89
content-length: 8629
server: daiquiri/3.0.0
x-cache: TCP_MISS from a2-16-186-127.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-tk: false
last-modified: Mon, 31 Jan 2022 06:04:15 GMT
x-cache-remote: TCP_HIT from a193-108-94-136.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-seq: 0.0
date: Wed, 16 Mar 2022 14:51:43 GMT
apple-originating-system: UnknownOriginatingSystem
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
cache-control: no-transform, max-age=11178097
x-b3-spanid: e9a6e1a693c73a89
cdnuuid: 84701035-fdd4-4cd2-94c8-5c9b17b90a03-47501082

GET
H2 200 150x150bb.png
is1-ssl.mzstatic.com/image/thumb/Purple125/v4/0d/f1/8d/0df18d21-83a2-12ac-b139-092920e4c5ee/AppIcon-0-1x_U007emarketing-0-9-0-85-220.png/ 8 KB
9 KB 255ms
88ms Image
image/png 2a02:26f0:6c00:2ab::2a1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://is1-ssl.mzstatic.com/image/thumb/Purple125/v4/0d/f1/8d/0df18d21-83a2-12ac-b139-092920e4c5ee/AppIcon-0-1x_U007emarketing-0-9-0-85-220.png/150x150bb.png

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2ab::2a1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

daiquiri/3.0.0 /

Resource Hash

e884d8ac399db625523c10398657df0403405b60f0ebd374bfc70d714ba2f58f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-apple-jingle-correlation-key: GHI5QPINTB7S5NM67OJMPPKM3Q
strict-transport-security: max-age=31536000; includeSubDomains
etag: "MSwxLjE4LjItMjJBLDIwRTI0MSwxNjQyOTQ2NTIzODU4LGlzQnVpbGRWZXJzaW9uTm90U2V0LDUwMDcwLG5vRWZmZWN0"
x-b3-traceid: 31d1d83d0d987f2eb59efb92c7bd4cdc
x-daiquiri-instance: daiquiri:13624002:mr85p00it-hyhk03094901:7987:21RELEASE207:daiquiri-amp-processing-shared-int-001-mr
x-apple-request-uuid: 31d1d83d-0d98-7f2e-b59e-fb92c7bd4cdc
b3: 31d1d83d0d987f2eb59efb92c7bd4cdc-956c20a9d885a856
content-length: 7901
server: daiquiri/3.0.0
x-cache: TCP_MISS from a2-16-186-228.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-tk: false
last-modified: Sun, 23 Jan 2022 14:02:03 GMT
x-cache-remote: TCP_MISS from a2-20-143-180.deploy.akamaitechnologies.com (AkamaiGHost/10.7.3-39449967) (-)
apple-seq: 0.0
date: Wed, 16 Mar 2022 14:51:43 GMT
apple-originating-system: UnknownOriginatingSystem
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
cache-control: no-transform, max-age=12590410
x-b3-spanid: 956c20a9d885a856
cdnuuid: 1aa6cf32-83b4-40a3-87f9-0bb4b402dcef-29489058

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 199 KB
68 KB 137ms
68ms Script
application/javascript 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

3f220f3495c96b51b282b05e390230202c948611867f2841cdf8ac30f7fdd427

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
last-modified: Wed, 16 Mar 2022 13:13:01 GMT
etag: "6231b82d-10fdc"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 69596
expires: Wed, 16 Mar 2022 15:51:43 GMT

GET
H3 200 adx Show response
pubads.g.doubleclick.net/gampad/ 55 KB
13 KB 88ms
73ms XHR
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/adx?iu=/147246189,22384346533/windowsapp.com.se_728x90_responsive_4&sz=728x90%7C320x100&t=Placement_type%3Dserving&1647442303033

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

6a86882782bc143326fece32eb4bb5f659942d8a7af66d4ec22037a53671aa35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13025
x-xss-protection: 0
google-lineitem-id: 5925588435
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138384290415
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adx Show response
pubads.g.doubleclick.net/gampad/ 55 KB
13 KB 160ms
145ms XHR
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/adx?iu=/147246189,22384346533/windowsapp.com.se_300x250_responsive_2&sz=300x250&t=Placement_type%3Dserving&1647442303033

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

65ac6ddbbaf8393a0ee05b6aaf2d869f0bba38902003fc4a1c37ea813cbaefce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13022
x-xss-protection: 0
google-lineitem-id: 5926800208
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138384289353
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 stpd220112.js Show response
stpd.cloud/assets/postbid/ Frame 1CC5 478 KB
138 KB 57ms
30ms Script
application/javascript 2606:4700:3108::ac42:2b03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/assets/postbid/stpd220112.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff28592ae2b0572a76b11239cd63a9c88412201a72ea0e994894f4bcd6d9d4bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-md5: bDGrZ1LqinsbttFnOfc0iQ==
age: 1976
x-ms-lease-status: unlocked
last-modified: Wed, 16 Mar 2022 12:18:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d6fSafHOESVGHTHvqZeq8QyTjeqxD3o1igwZ4xepr%2FQTF%2FXYzeg9jDarTmNWrWCD9aHbv2Oikm7trrfpLGFcyP6g6Rw5Y5I3uiTh13ylMcUxx7wLgFugdfSK5Qwk%2BQTscl7BfCKdPLk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: c2ad0066-b01e-0044-512f-3975a8000000
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6ece4efa2a298fd6-FRA

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 43ms
14ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://windowsapp.com.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://windowsapp.com.se
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1551
date: Wed, 16 Mar 2022 14:51:42 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame 1CC5 483 B
938 B 43ms
14ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88274
x-amz-request-id: txabea8e98672240ae92027-006230a0ad
x-amz-id-2: txabea8e98672240ae92027-006230a0ad
last-modified: Tue, 15 Mar 2022 14:20:20 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=88msrS4PM9bFrqRTqbhAFiED4zyUY8mkbZA7Z0qLY5YrQKdOymuTJ17IwFgeeW28YSLaHgk%2F21HMjfB0g%2Bvid136PYgfu0TNQFdYzb158l1eoSHYwU1rq3XGkJtRlbWbQ35%2F2xReM86V30Ok"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1647354020753810
cf-ray: 6ece4efada44926e-FRA

GET
H2

200

sid Show response
mug.criteo.com/ Frame 1CC5
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=T-NRrHxxNTNndS9Vb1JkeXhTbUdHNGZxZ3VSWFpuWGUzeXhNQm80alZXL1U3QnhiclhnWFBManV0bUZwT2dXd2tsSGx2b3EvVkhrcnY1LzRseTdTd25lRllTN3dJbXhBdkZUSS8yaEw2ZDNtcjNDdTR2dSt1ZjVxTm1iSl...

350 B
619 B

60ms
20ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=T-NRrHxxNTNndS9Vb1JkeXhTbUdHNGZxZ3VSWFpuWGUzeXhNQm80alZXL1U3QnhiclhnWFBManV0bUZwT2dXd2tsSGx2b3EvVkhrcnY1LzRseTdTd25lRllTN3dJbXhBdkZUSS8yaEw2ZDNtcjNDdTR2dSt1ZjVxTm1iSlB0MCtiSS9HMjhhOXJTeERoeEVLZ0N0U3l6d251bllSeXcyajhsUU5zZ1BYNmIwYTdyK2RWTDNnekplb1l2V29YMFNEeVA1S3ZNTjdabzNJWTFXbEx6UUJtOHRrTHI5TTBmTVYvTGxhZitmRXhDa2NrQnM4REx1MUZ6aDIwdXorK0JUUXJLWFZmfA&cppv=2

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

d1ad3a2ea64fb8d1a6a1cc8606514b06b1fbe862fdf090c0fdcd7f97a4af8c7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2972
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
location: https://mug.criteo.com/sid?cpp=T-NRrHxxNTNndS9Vb1JkeXhTbUdHNGZxZ3VSWFpuWGUzeXhNQm80alZXL1U3QnhiclhnWFBManV0bUZwT2dXd2tsSGx2b3EvVkhrcnY1LzRseTdTd25lRllTN3dJbXhBdkZUSS8yaEw2ZDNtcjNDdTR2dSt1ZjVxTm1iSlB0MCtiSS9HMjhhOXJTeERoeEVLZ0N0U3l6d251bllSeXcyajhsUU5zZ1BYNmIwYTdyK2RWTDNnekplb1l2V29YMFNEeVA1S3ZNTjdabzNJWTFXbEx6UUJtOHRrTHI5TTBmTVYvTGxhZitmRXhDa2NrQnM4REx1MUZ6aDIwdXorK0JUUXJLWFZmfA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1882
content-length: 509
expires: 0

POST
H/1.1 200 481.json Show response
id5-sync.com/g/v2/ Frame 1CC5 213 B
535 B 40ms
8ms XHR
application/json 51.89.21.20
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.21.20 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p14.id5-sync.com

Software

Resource Hash

ac02bdf79bde6d69e23d3d3dd2b014934122ca527534bea7246cb5141b3fa138

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://windowsapp.com.se
Date: Wed, 16 Mar 2022 14:51:42 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 1CC5 82 KB
28 KB 57ms
22ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d65bb65ae2b3d154d304620f525efa1b52d7c777fcd1a866476c6564a921ddf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27820
x-xss-protection: 0
server: sffe
etag: "1159 / 158 of 1000 / last-modified: 1647428978"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Mar 2022 14:51:43 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame F2B5
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

281 B
554 B

178ms
8ms

Document
text/html

104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 14:51:43 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

GET
H2 200 stpd220112.js Show response
stpd.cloud/assets/postbid/ Frame 2D0E 478 KB
137 KB 27ms
26ms Script
application/javascript 2606:4700:3108::ac42:2b03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/assets/postbid/stpd220112.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff28592ae2b0572a76b11239cd63a9c88412201a72ea0e994894f4bcd6d9d4bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-md5: bDGrZ1LqinsbttFnOfc0iQ==
age: 1976
x-ms-lease-status: unlocked
last-modified: Wed, 16 Mar 2022 12:18:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IsWCpQEKEyKcvDvvjyHOFYBWf1b8elT7jh%2F5XegeEIjGTkDsbWEzn%2B08vzDuqSdyjU1mpzP6uVJz9X%2FfgrrBRhcr37bxVx8rpoHFTb8Le5k9ZoX%2BGG8aKsfubaPr1SjNRonC9T%2BynsI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: c2ad0066-b01e-0044-512f-3975a8000000
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6ece4efacb058fd6-FRA

GET
H2

400

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9579.b3Y8m2ZHIRINrkSOWVTpsze6mC-U6f4Ry-2a95xYoheefj2GZIqc8HRd1sFroquZ.NiiZHEZN9Jtcy6wHXnQ3i_mAi4M%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9579.Tzysg3OW7mciijH8Easn93czbixEAYHVbCTb4aZayoxEXc5TZ8NQjnPDY1Ripg9Z-XvU_4A2M9GGccQEaIEGdg%2C%2C.7JmCEe1Fcv6Dpxtv_70DUmx6dJg%2C

75 B
75 B

35ms
34ms

Image
text/html

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9579.Tzysg3OW7mciijH8Easn93czbixEAYHVbCTb4aZayoxEXc5TZ8NQjnPDY1Ripg9Z-XvU_4A2M9GGccQEaIEGdg%2C%2C.7JmCEe1Fcv6Dpxtv_70DUmx6dJg%2C

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
strict-transport-security: max-age=31536000
content-length: 75
x-xss-protection: 1; mode=block
content-type: text/html; charset=utf-8

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9579.Tzysg3OW7mciijH8Easn93czbixEAYHVbCTb4aZayoxEXc5TZ8NQjnPDY1Ripg9Z-XvU_4A2M9GGccQEaIEGdg%2C%2C.7JmCEe1Fcv6Dpxtv_70DUmx6dJg%2C
date: Wed, 16 Mar 2022 14:51:43 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
112 B 38ms
38ms Image
image/gif 2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
last-modified: Wed, 16 Mar 2022 13:13:01 GMT
etag: "6231b82d-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Wed, 16 Mar 2022 15:51:43 GMT

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 63ms
17ms Preflight 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://windowsapp.com.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://windowsapp.com.se
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame 1CC5 1 KB
987 B 55ms
25ms XHR
application/json 2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b55bf7dd15889d4a22f310790e4a465c487f6f55b43cf7667d2726032870a9b

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Sm0xQLmTnrQxBDvZqLxv6Cj9%2FgiLLsn%2ByKmMcS3w68%2F4JTKmDPPIEysxfExdnEgSzwmuxq8Y4Df0df%2F1315R73uUhj64g2wlVVCmHKnDUj0gIR%2Fb3ZljNyShbr%2BfU0o8Q6ahfd%2Bfvf3wAJHy7nRZwkwI55H"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efb6dbc9b45-FRA
expires: 0

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame 1CC5 2 KB
2 KB 200ms
171ms XHR
application/json 2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f789b8326c3f46978381827257e7e71f0aa4b7bade56b616125fb40a000d5ddf

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CzTPk8nmZ8LedtMl4KDLAPtDMGqtUsggRwWtTl0xamhKKg3aY0AQKOB0pSO3qFovV1917aeDJOxSg0U%2Fu7fKUpqrP64FQzNdUM122%2BmcfNVD5O9FOmjAcdIZFw7on%2BRXi2orp8ujPZdJHabbtl1yNm5V5MQR"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efb6dbd9b45-FRA
expires: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 1CC5 0
179 B 58ms
23ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 / Show response
hb.emxdgt.com/ Frame 1CC5 0
160 B 37ms
10ms XHR
text/plain 35.158.25.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1647442303238&src=pbjs
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.25.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-25-241.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1CC5 139 B
834 B 46ms
16ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

267a0f89061df3a170cd2660cdeb0c2d0723ec9549a236faf3d7f4c632727d37

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6390ff71-be79-4fe9-8c28-e5fbb07c1da3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://windowsapp.com.se
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
setupad-d.openx.net/w/1.0/ Frame 1CC5 73 B
379 B 77ms
19ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://setupad-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=551f2af7-34ad-4216-94db-9d7e48bbe104&nocache=1647442303241&id5id=0&pubcid=4d18e712-0bd2-46c9-aa3a-39c5ba72f265&schain=1.0%2C1!setupad.com%2C407%2C1%2C%2C%2C&aus=970x250%2C728x90%2C980x300%2C750x100%2C750x150%2C750x200%2C750x300%2C800x250%2C930x180%2C950x90%2C970x90%2C970x210%2C980x120%2C980x150%2C980x200%2C980x240%2C980x250&divids=div-custom-ad-1647442303035-0&aucs=&auid=556674433
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: b28a3ac67ab03fb5ed8d06e3a9c75cb395f0dd3768e0d850a02452cb501e661f

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://windowsapp.com.se
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 1CC5 0
410 B 136ms
95ms XHR
text/plain 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H2 204 prebid Show response
mp.4dex.io/ Frame 1CC5 0
402 B 67ms
39ms XHR
text/plain 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efb7e8d6933-FRA
x-err: Parsing the Prebid Request. ads.txt not fetchable or parsable
expires: 0

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 1CC5 462 B
789 B 443ms
366ms XHR
application/json 54.36.238.155
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.36.238.155 , France, ASN16276 (OVH, FR),
Reverse DNS: ip155.ip-54-36-238.eu
Software: /
Resource Hash: b3b613017bdfefc65a5e549f3c8f53a18054df44e256b0816be64174c5b0a371

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 462
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 1CC5 0
218 B 280ms
18ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.6.0&cb=79233053248

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://windowsapp.com.se
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 1CC5 0
339 B 140ms
18ms XHR
application/json 185.86.139.59
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.59 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:42 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame 1CC5 0
205 B 577ms
362ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 217
vary: origin, Accept-Encoding

POST
H2 200 adjson Show response
ads.betweendigital.com/ Frame 1CC5 2 B
913 B 259ms
163ms XHR
application/json 188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 1CC5 283 B
1 KB 217ms
98ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13606&site_id=342930&zone_id=1810420&size_id=2&alt_size_ids=31%2C38%2C39%2C40%2C41%2C55%2C57%2C78%2C79%2C96%2C125%2C145&rp_schain=1.0,1!setupad.com,407,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&tk_flint=pbjs_lite_v6.6.0&x_source.tid=551f2af7-34ad-4216-94db-9d7e48bbe104&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.31064572546168057
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: b64579706b840bc68fd32fdeb4ddcf2d0e8c92c789a55d2b9bca6a1d8101e5d1

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://windowsapp.com.se
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 283
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame 1CC5 72 KB
23 KB 46ms
29ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 327f60006e399d96d711bc4bc9b08b12cdd2f0a600a3c26edde260b30aa3e6b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 87561
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx82349058fe274b0698173-006230a262
x-amz-id-2: tx82349058fe274b0698173-006230a262
last-modified: Tue, 15 Mar 2022 14:20:19 GMT
server: cloudflare
etag: W/"ad0d3c45f41a818ade0dc83d4b687ff1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aHE8fmB8x%2BKN5nnR8nohZWAp2C93LU%2BaX1T%2BUo7GZoiKw0%2BDQLW8S7pivCc1Hbt1FIdWMN%2FG%2Bc6wPeVY7YKs2z2zeO8JY3eNHiMzlpkPoDhouPMIsmxhTqmizFlLCrUTpjRJ0MgsQhgbaqHG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1647354019224084
cf-ray: 6ece4efb7a2a5be5-FRA
access-control-allow-headers: Authorization

GET
H2 200 stpd220112.js Show response
stpd.cloud/assets/postbid/ Frame 4331 478 KB
137 KB 26ms
26ms Script
application/javascript 2606:4700:3108::ac42:2b03
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/assets/postbid/stpd220112.js
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2b03 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff28592ae2b0572a76b11239cd63a9c88412201a72ea0e994894f4bcd6d9d4bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-md5: bDGrZ1LqinsbttFnOfc0iQ==
age: 1976
x-ms-lease-status: unlocked
last-modified: Wed, 16 Mar 2022 12:18:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VZkXmUYy%2FfWhucyntCaoGxUKQAWL9sx0xVIfv%2FGvec3KdIR3o71TBuDicd1azn9EL00KxFmhGKPau%2FzGPU17tbTJ5Q14Ayjs0n7fRPiZJCQA7rmCauW9VrW%2FEzItmKSH0cHg%2Fu28JU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: c2ad0066-b01e-0044-512f-3975a8000000
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6ece4efb5bba8fd6-FRA

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 15ms
15ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://windowsapp.com.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://windowsapp.com.se
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1588
date: Wed, 16 Mar 2022 14:51:42 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame 2D0E 483 B
546 B 15ms
15ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88274
x-amz-request-id: txabea8e98672240ae92027-006230a0ad
x-amz-id-2: txabea8e98672240ae92027-006230a0ad
last-modified: Tue, 15 Mar 2022 14:20:20 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=drlk0OpqWC22VfX0rkZEsrw1NdpN1jrrfc04b4u7N%2FhC2sPQ8dcjYTXB68cmHduYgUxsBIaidTRRtIRotDSAGsRHSb04sexRRtvOLSkv26Svwl4KYw7wG5wXnHy30CFyxPH3umzOdNycAIH1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1647354020753810
cf-ray: 6ece4efb7b3e926e-FRA

GET
H2

200

sid Show response
mug.criteo.com/ Frame 2D0E
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=lNRk2nxROWxMOGtXbGgrNElDK1hqdDZDVzByOFh4M1JTQUN3NzdvRzdULzZDMmM3SkhPT2hNUkUvY3UrK3grRHQ2QWFUbXpKTldpOGNWRS9OZkY1TnFiOWdkTGhHUTlJZlZHenYyNFlEYTJPTGVYTlFTdkU3dHBuM1ZHMF...

355 B
622 B

60ms
21ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=lNRk2nxROWxMOGtXbGgrNElDK1hqdDZDVzByOFh4M1JTQUN3NzdvRzdULzZDMmM3SkhPT2hNUkUvY3UrK3grRHQ2QWFUbXpKTldpOGNWRS9OZkY1TnFiOWdkTGhHUTlJZlZHenYyNFlEYTJPTGVYTlFTdkU3dHBuM1ZHMFlLNXZQZW9iMkFGeHJYNGw2S2xweTlFbE9jQllnZ09DRFpwTG14UFRZYXlLVHo2Q0daSHZya2o3czJhM1FxTUtySVRyOGVibHhLWUQrNFJsa1BtWU5hMk5Ybm8zTlVxM2JYajM2Znh0M2xJVTFZRTlNWnVxNkV2VlhXWjREd2twU2R6SDc3UU5tfA&cppv=2

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

6f5d8886ff273181ead99e744c014365107d40411f6e23ee6c0914ac69748b05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4157
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
location: https://mug.criteo.com/sid?cpp=lNRk2nxROWxMOGtXbGgrNElDK1hqdDZDVzByOFh4M1JTQUN3NzdvRzdULzZDMmM3SkhPT2hNUkUvY3UrK3grRHQ2QWFUbXpKTldpOGNWRS9OZkY1TnFiOWdkTGhHUTlJZlZHenYyNFlEYTJPTGVYTlFTdkU3dHBuM1ZHMFlLNXZQZW9iMkFGeHJYNGw2S2xweTlFbE9jQllnZ09DRFpwTG14UFRZYXlLVHo2Q0daSHZya2o3czJhM1FxTUtySVRyOGVibHhLWUQrNFJsa1BtWU5hMk5Ybm8zTlVxM2JYajM2Znh0M2xJVTFZRTlNWnVxNkV2VlhXWjREd2twU2R6SDc3UU5tfA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1675
content-length: 509
expires: 0

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 2D0E 82 KB
27 KB 34ms
17ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

840a0078483521dfec460304ac9e472a01a30a94b9e282558a1da2dbea3c1106

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27820
x-xss-protection: 0
server: sffe
etag: "1159 / 205 of 1000 / last-modified: 1647428978"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Mar 2022 14:51:43 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 2C01
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

281 B
554 B

100ms
9ms

Document
text/html

104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 14:51:43 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 80ms
23ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1503
date: Wed, 16 Mar 2022 14:51:43 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 pubads_impl_2022030201.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1CC5 364 KB
122 KB 30ms
7ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

499d742344f4b69df1c45273acccf5c6941269f48276e4d52cdabdfbb77a7904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 09:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124504
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 09:35:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Mar 2023 09:39:30 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/ Frame 1CC5 0
239 B 38ms
16ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/sync.php?p=prebid
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

GET
H2 200 localstore.js Show response
script.4dex.io/ Frame 4331 483 B
548 B 23ms
23ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88274
x-amz-request-id: txabea8e98672240ae92027-006230a0ad
x-amz-id-2: txabea8e98672240ae92027-006230a0ad
last-modified: Tue, 15 Mar 2022 14:20:20 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J3QDn%2F99hgasujvLrV5M8aYeVmS1Mcbk2fK9RNbopsVPHWTcmcEHYofJfFsNcfZ%2FdyWCAMh5DHKko0Iz3j6X6w5a3nVLnTTqpln1K8cOlFWRjC1z%2BeH8LSdaJ5cydRNseGOFXuFetUzEopYc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=1800
x-amz-version-id: 1647354020753810
cf-ray: 6ece4efbdbb6926e-FRA

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4331
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=lZEOD3xrUHNPQ01uRlNvaE92UGNFcHU4QkFrbks2Q2JRVkZTcCszRFh4aWhOb2FSVi9XSWRHTWpGUDVtOVFiVEZReTdMbnI5ZmQ5RzVzTFd2clRnaHIwclBMdE8xL2NreWZFaHcxMC9URDc1VDJoYzNLME54WVpDdkpKWF...

355 B
622 B

20ms
19ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=lZEOD3xrUHNPQ01uRlNvaE92UGNFcHU4QkFrbks2Q2JRVkZTcCszRFh4aWhOb2FSVi9XSWRHTWpGUDVtOVFiVEZReTdMbnI5ZmQ5RzVzTFd2clRnaHIwclBMdE8xL2NreWZFaHcxMC9URDc1VDJoYzNLME54WVpDdkpKWFNYby9NSDFLY0RVYkVTUldoS3JidlhWZ0g1eU1oRUhTSXBSN2xrcWUzNVg3QmhKSW8reHNFK1U0MDhLWjRWTHlSSzlNQjM4M29pRWlmSXJLc0tkRTQrQzRnYWhPOHl3RTBSSE5YeWhBcThhQi9xVlBQNVBsRHV0ZVh3V2EySEYvTDM5cncyNlRUfA&cppv=2

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

ce9b0028faa50c05c0e68b753212514c1ce4bf266c25c45588f051b7b0c46e97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3371
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:42 GMT
location: https://mug.criteo.com/sid?cpp=lZEOD3xrUHNPQ01uRlNvaE92UGNFcHU4QkFrbks2Q2JRVkZTcCszRFh4aWhOb2FSVi9XSWRHTWpGUDVtOVFiVEZReTdMbnI5ZmQ5RzVzTFd2clRnaHIwclBMdE8xL2NreWZFaHcxMC9URDc1VDJoYzNLME54WVpDdkpKWFNYby9NSDFLY0RVYkVTUldoS3JidlhWZ0g1eU1oRUhTSXBSN2xrcWUzNVg3QmhKSW8reHNFK1U0MDhLWjRWTHlSSzlNQjM4M29pRWlmSXJLc0tkRTQrQzRnYWhPOHl3RTBSSE5YeWhBcThhQi9xVlBQNVBsRHV0ZVh3V2EySEYvTDM5cncyNlRUfA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1838
content-length: 509
expires: 0

GET
H3 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 4331 81 KB
27 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bde3399290ccdbda3598eefb7c8c22d0f148e19e4460d3c4f74d62ddafc4db25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27821
x-xss-protection: 0
server: sffe
etag: "1159 / 546 of 1000 / last-modified: 1647428978"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Mar 2022 14:51:43 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 27F0
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-setupad&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu

281 B
554 B

37ms
9ms

Document
text/html

104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 14:51:43 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 22ms
21ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwindowsapp.com.se%2F&domain=windowsapp.com.se&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://windowsapp.com.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://windowsapp.com.se
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1610
date: Wed, 16 Mar 2022 14:51:42 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 26ms
22ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1111
date: Wed, 16 Mar 2022 14:51:42 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 17ms
17ms Preflight 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://windowsapp.com.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://windowsapp.com.se
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame 2D0E 1 KB
664 B 40ms
40ms XHR
application/json 2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b55bf7dd15889d4a22f310790e4a465c487f6f55b43cf7667d2726032870a9b

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gtYLrXYflswtmyKtY%2BDzcNg5pXWxRhavKOsnCHepQjASdwy%2BtrlLUrCc2JPYiZDb6W%2B6bp0sSTGsoWGJullB%2FEz7aetcpJHWHWdfw%2BM2L9lS4RMuE3gSz%2BpqZ0ycajsPBjrVcMzCj8fTxPeF2JqIo8rfEebp"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efbee879b45-FRA
expires: 0

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame 2D0E 4 KB
2 KB 283ms
283ms XHR
application/json 2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 483f564ec4b5811ac3f677eddb3f659dcd1f9bbe4557bdc62d3a286939503419

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUWoggK%2FVvzjj8TpvYJmm3fO6BV8L34PE0dV0pPp1yJBAWr9gBYS0DL4QgIRfMvtLUAz%2BCNTUw6%2FCEN12aq3uki6S1SQg8gdCmvgbV043ZTHG5gaNoz%2FTgXk0QKzZZyrahIk37dsyx2kxWK4gws3nQSzj1Vj"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efbee889b45-FRA
expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 2D0E 259 B
1 KB 165ms
108ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13606&site_id=342930&zone_id=1810426&size_id=2&alt_size_ids=1&rp_schain=1.0,1!setupad.com,407,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&tk_flint=pbjs_lite_v6.6.0&x_source.tid=3fddb585-d5cd-4456-9b7e-5531fa0c489f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.844545306635667
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: f043ebb16ba3c7aba625be6a885bb05d8749aa4da78600f9ca5599ffd5e0872e

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://windowsapp.com.se
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 259
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 prebid Show response
mp.4dex.io/ Frame 2D0E 0
41 B 33ms
32ms XHR
text/plain 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efbff6b6933-FRA
x-err: Parsing the Prebid Request. ads.txt not fetchable or parsable
expires: 0

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 2D0E 2 KB
2 KB 86ms
85ms XHR
application/json 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c4856b42b55900626e460d60aefc617623678b087d25e22a874aa1662b262718

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://windowsapp.com.se
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 2D0E 0
339 B 54ms
19ms XHR
application/json 185.86.139.59
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.59 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 2D0E 0
179 B 16ms
15ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 2D0E 462 B
789 B 156ms
133ms XHR
application/json 54.36.238.155
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.36.238.155 , France, ASN16276 (OVH, FR),
Reverse DNS: ip155.ip-54-36-238.eu
Software: /
Resource Hash: 59af59ae58cab232e032de6a98a8f63b3ffccf876d81cb97592ee29642b4c5ca

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 462
expires: 0

GET
H3 200 arj Show response
setupad-d.openx.net/w/1.0/ Frame 2D0E 73 B
101 B 42ms
26ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://setupad-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=3fddb585-d5cd-4456-9b7e-5531fa0c489f&nocache=1647442303353&id5id=0&pubcid=4d18e712-0bd2-46c9-aa3a-39c5ba72f265&schain=1.0%2C1!setupad.com%2C407%2C1%2C%2C%2C&aus=728x90%2C468x60&divids=div-custom-ad-1647442303168-0&aucs=&auid=556674450
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 381e2684a9bc6cafc83d65738a492211d71d17a8f3f23250f7afdeb98a65cb8a

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://windowsapp.com.se
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 2D0E 0
218 B 174ms
17ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.6.0&cb=73267728009

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 14:51:42 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://windowsapp.com.se
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame 2D0E 0
349 B 270ms
158ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 62
vary: origin, Accept-Encoding

POST
H2 200 adjson Show response
ads.betweendigital.com/ Frame 2D0E 2 B
913 B 46ms
46ms XHR
application/json 188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2D0E 139 B
834 B 14ms
14ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

062f216611c03f1f859b98bd0c77d2fde2d69955ec9ba456b979b41b1e29fb22

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 73f2ffdc-10ef-4508-b5d0-d1eecfe7ac4f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://windowsapp.com.se
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 / Show response
hb.emxdgt.com/ Frame 2D0E 0
159 B 17ms
15ms XHR
text/plain 35.158.25.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1647442303355&src=pbjs
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.25.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-25-241.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame 2D0E 72 KB
22 KB 23ms
21ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 327f60006e399d96d711bc4bc9b08b12cdd2f0a600a3c26edde260b30aa3e6b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 87561
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx82349058fe274b0698173-006230a262
x-amz-id-2: tx82349058fe274b0698173-006230a262
last-modified: Tue, 15 Mar 2022 14:20:19 GMT
server: cloudflare
etag: W/"ad0d3c45f41a818ade0dc83d4b687ff1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1cfxntuNXsfGwiYgJi%2FfpvyJ2bBR1VkYIWjyf447%2FwtKsWB%2F8%2Bq2fR3%2FeFIfPfeLjbHWJ6vmc8SBjuf4Qq8tfBmIkjzzQUM0IZhKYnQEtArU2LUcGMTNn1l0z9l7Eq2Lu4m%2FfPzC3zvP3SG"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1647354019224084
cf-ray: 6ece4efc0aaa5be5-FRA
access-control-allow-headers: Authorization

GET
H3 200 pubads_impl_2022030702.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 2D0E 364 KB
122 KB 28ms
12ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

bf21717eb9d6b396f3a9a20f66d264678ebbffac2b8bdce1a864b61b7346eaf3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 21:18:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 63198
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124753
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 21:16:58 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Mar 2023 21:18:25 GMT

GET
H2 200 cookie
cm.adform.net/ Frame 1CC5 43 B
106 B 85ms
45ms Image
image/gif 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H2 200 adagio.js Show response
script.4dex.io/ Frame 4331 72 KB
22 KB 19ms
17ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 327f60006e399d96d711bc4bc9b08b12cdd2f0a600a3c26edde260b30aa3e6b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 87561
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx82349058fe274b0698173-006230a262
x-amz-id-2: tx82349058fe274b0698173-006230a262
last-modified: Tue, 15 Mar 2022 14:20:19 GMT
server: cloudflare
etag: W/"ad0d3c45f41a818ade0dc83d4b687ff1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5djdzyHpq6wWp7aj7oN%2B1d4OfHmSBVrpK6WKa60BlPxtXm0e6ICoNJFnLToo52UlQd3jKpo%2FMHgtLuCQFkqWcP189DCLD%2FntfRkgwQx5UGsOhMur%2FxEfNCBOr%2FnZOlELk16MAZ996P%2FQPxU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1647354019224084
cf-ray: 6ece4efc4afb5be5-FRA
access-control-allow-headers: Authorization

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 19ms
17ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 1094
date: Wed, 16 Mar 2022 14:51:43 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/ Frame 2D0E 0
239 B 11ms
10ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/sync.php?p=prebid
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 19ms
18ms Preflight 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://windowsapp.com.se
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://windowsapp.com.se
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1
pragma: no-cache
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame 4331 1 KB
665 B 44ms
44ms XHR
application/json 2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b55bf7dd15889d4a22f310790e4a465c487f6f55b43cf7667d2726032870a9b

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pbIxLKRcai%2F6GRit%2BGTgiLqJYQLJo%2FrnBN4ysDMzINvbczK6sZyfHsYhHuu%2FbiAeA%2BxLEMKUjXFid1Fiaq6WcM2n1rDBD6sC6pRTtHH7v3kQClPDCKL6133y0J9yImI0gXhwhUm6TwcmPg%2FJs3yga0HEM4yd"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efc8fa99b45-FRA
expires: 0

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame 4331 20 KB
9 KB 267ms
265ms XHR
application/json 2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d62d1a20edf87da63c0bbe815a5bed72ef82f6424b6f05be5b108d1c748ecf35

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CU5VGsDHf5x6J6PGYZWyOOpgCpCIO%2F%2FaBPXSafbb18WHsuTE%2Bk7f3cYF1DehOfAGFMBdzdznK4bazBYhJnRPVckUiVnrSNc5CvabsCJtuGLUN2BOgwFr5qrVnXR72%2BbMW%2BC%2BGMgVV3wJas9qyK2cbZBkpDFo"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efc8faf9b45-FRA
expires: 0

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 4331 2 KB
2 KB 118ms
117ms XHR
application/json 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

7104ee81371b6fb333bd060a02cccb124ca342a0e1194f7dda5eb876a9b3a859

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://windowsapp.com.se
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 4331 0
339 B 19ms
19ms XHR
application/json 185.86.139.59
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.59 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 204 prebid Show response
mp.4dex.io/ Frame 4331 0
42 B 51ms
51ms XHR
text/plain 2606:4700::6812:272
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:272 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cf-ray: 6ece4efc88646933-FRA
x-err: Parsing the Prebid Request. ads.txt not fetchable or parsable
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4331 139 B
834 B 115ms
114ms XHR
application/json 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

20e14425f505979525a06f4f2c8bced6ac73c594121a9be1311912a7a3cd5b1b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: bd7beb74-8202-49ce-9cc5-98f21622b0ef
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://windowsapp.com.se
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 arj Show response
setupad-d.openx.net/w/1.0/ Frame 4331 73 B
101 B 23ms
22ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://setupad-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=5701eebc-5625-4968-a616-e071a65ec3e1&nocache=1647442303448&id5id=0&pubcid=4d18e712-0bd2-46c9-aa3a-39c5ba72f265&schain=1.0%2C1!setupad.com%2C407%2C1%2C%2C%2C&aus=300x250%2C250x250&divids=div-custom-ad-1647442303256-0&aucs=&auid=556674439
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: df828b82729c8c4e7777acc868455630085929d1c9408cab64427648a1b2bdd5

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://windowsapp.com.se
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 adjson Show response
ads.betweendigital.com/ Frame 4331 2 B
307 B 38ms
37ms XHR
application/json 188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 4331 257 B
1 KB 130ms
92ms XHR
application/json 2602:803:c003:200::61
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=13606&site_id=342930&zone_id=1810402&size_id=15&alt_size_ids=14&rp_schain=1.0,1!setupad.com,407,1,,,&eid_id5-sync.com=0%5E1%5E&rf=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&tk_flint=pbjs_lite_v6.6.0&x_source.tid=5701eebc-5625-4968-a616-e071a65ec3e1&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.999056579851181
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 2602:803:c003:200::61 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: c4cd26bc11c1d048476e731bb0bf5dabe1d3d74d2f8c03d0cd897792f83b3424

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
Server: nginx/1.16.0
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://windowsapp.com.se
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 257
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 4331 0
179 B 18ms
17ms XHR
text/plain 185.184.8.65
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.65 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-65.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H2 204 / Show response
hb.emxdgt.com/ Frame 4331 0
159 B 15ms
14ms XHR
text/plain 35.158.25.241
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.emxdgt.com/?t=3000&ts=1647442303451&src=pbjs
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.158.25.241 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-158-25-241.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: security, Content-Type

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 4331 461 B
788 B 113ms
96ms XHR
application/json 54.36.238.155
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.36.238.155 , France, ASN16276 (OVH, FR),
Reverse DNS: ip155.ip-54-36-238.eu
Software: /
Resource Hash: ed6ec6a2b2b965c396c8ad349b94a15cf5945b5d5c64b3b66c38a4699c45d526

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
x-prebid: pbs-go/unknown
vary: Origin
content-type: application/json
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 461
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 4331 0
218 B 74ms
18ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.6.0&cb=25285905122

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://windowsapp.com.se
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame 4331 0
205 B 463ms
451ms XHR
text/plain 145.40.89.200
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 145.40.89.200 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://windowsapp.com.se
date: Wed, 16 Mar 2022 14:51:43 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 311
vary: origin, Accept-Encoding

GET
H2

200

1 Show response
mc.yandex.com/watch/49116760/
Redirect Chain

https://mc.yandex.com/watch/49116760?wmode=7&page-url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A7oivoclvhnsftt6hmgv%3Afp%3A...
https://mc.yandex.com/watch/49116760/1?wmode=7&page-url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A7oivoclvhnsftt6hmgv%3Afp%...

357 B
439 B

41ms
39ms

XHR
application/json

2a02:6b8::1:119
YNDX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/49116760/1?wmode=7&page-url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A7oivoclvhnsftt6hmgv%3Afp%3A629%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A115022334916%3Ahid%3A119425449%3Az%3A0%3Ai%3A20220316145143%3Aet%3A1647442303%3Ac%3A1%3Arn%3A554076869%3Arqn%3A1%3Au%3A1647442303144902750%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1647442302282%3Ads%3A28%2C19%2C413%2C1%2C0%2C0%2C%2C242%2C4%2C%2C%2C%2C704%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1647442303%3At%3ALadda%20ner%20Hogia%20MyPayslip%20p%C3%A5%20datorn%20gratis%20-%20Windows%20PC%20och%20Mac%20%28Svenska%29&t=gdpr%2814%29aw%281%29ti%282%29

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

8e9f46162bbfc7c945497aa1ff0633c64c986a2825b39164d176f7beda048a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 16-Mar-2022 14:51:43 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 357
x-xss-protection: 1; mode=block
expires: Wed, 16-Mar-2022 14:51:43 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
last-modified: Wed, 16-Mar-2022 14:51:43 GMT
location: /watch/49116760/1?wmode=7&page-url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A7oivoclvhnsftt6hmgv%3Afp%3A629%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A760%3Acn%3A1%3Adp%3A0%3Als%3A115022334916%3Ahid%3A119425449%3Az%3A0%3Ai%3A20220316145143%3Aet%3A1647442303%3Ac%3A1%3Arn%3A554076869%3Arqn%3A1%3Au%3A1647442303144902750%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1647442302282%3Ads%3A28%2C19%2C413%2C1%2C0%2C0%2C%2C242%2C4%2C%2C%2C%2C704%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1647442303%3At%3ALadda%20ner%20Hogia%20MyPayslip%20p%C3%A5%20datorn%20gratis%20-%20Windows%20PC%20och%20Mac%20%28Svenska%29&t=gdpr%2814%29aw%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: https://windowsapp.com.se
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Wed, 16-Mar-2022 14:51:43 GMT

GET
H3 200 pubads_impl_2022031001.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 4331 362 KB
122 KB 8ms
7ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

sffe /

Resource Hash

50ef77c247263fdc6e0308a69334a3064176a1f4803e90eb0b45370231044fb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:02:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2942
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125087
x-xss-protection: 0
last-modified: Thu, 10 Mar 2022 09:34:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 16 Mar 2023 14:02:41 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame F2B5 32 KB
10 KB 10ms
10ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=85618
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Thu, 17 Mar 2022 14:38:41 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 27F0 32 KB
10 KB 9ms
8ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=85618
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Thu, 17 Mar 2022 14:38:41 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2C01 32 KB
10 KB 15ms
14ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=85618
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Thu, 17 Mar 2022 14:38:41 GMT

GET
H2 200 cookie
cm.adform.net/ Frame 2D0E 43 B
105 B 27ms
23ms Image
image/gif 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H2

400

setuid
prebid-stag.setupad.net/ Frame 1CC5
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fprebid-stag.setupad.net%252Fsetuid%253Fbidder%253Dadnxs%2526gdpr%253D1%2526gdpr_consent%253D%2526uid%253D%2524UID
https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631

36 B
36 B

27ms
26ms

Image
text/plain

2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 248c5c260b8061ece6b0d78fb45760c32e728018cd13b8e44557f9de44d3ebb0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASX1h9WKLEi6qw2yax6TX4HjI9mm1F%2Fd%2BuVbKTZaU9AnIHg4DFNCQp7rMQ8bbnxQgA1JMFVvOWRqiJ92xD%2Bezx8pZhBZYbz%2BmxNYFUAdMtutbMpEAaMjJg%2B37BP%2Fd1nI0yVdgqR6Du3t8B%2F8dNsUskVNxT36"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6ece4efe1a879b45-FRA
content-length: 36
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 03b8d91f-8c38-4869-bf70-e5fabf25b442
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/ Frame 4331 0
239 B 21ms
21ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/sync.php?p=prebid
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame F2B5 0
239 B 46ms
10ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=pbs-setupad&khaos=L0TOM0WD-7-A1KW
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-setupad&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

GET
H2 200 cookie
cm.adform.net/ Frame 4331 43 B
105 B 19ms
18ms Image
image/gif 37.157.3.28
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.3.28 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:43 GMT
server: nginx
content-length: 43
content-type: image/gif

GET
H2

400

setuid
prebid-stag.setupad.net/ Frame 2D0E
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631

36 B
36 B

71ms
69ms

Image
text/plain

2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 248c5c260b8061ece6b0d78fb45760c32e728018cd13b8e44557f9de44d3ebb0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFLiHY2SCqdj0FEaU2dIDbhFBhPLI5Lt7HDINPMYV%2Be1uWkYVCkX3DObil5bObzIAr8oqCce8YHuvH3mozvC9FMbBbccV22HREhN8qWPPy0fXIFHkKA8d8ttVfkOo0eKiGd9Fnda7mjLLyGggR6TIJzLia7n"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6ece4efe7b1b9b45-FRA
content-length: 36
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 4ad341ca-04f5-45f0-93a0-49cb59ab64fa
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 2D0E 107 B
792 B 76ms
25ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=windowsapp.com.se

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2D0E 107 B
549 B 76ms
21ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=windowsapp.com.se

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2D0E 53 KB
12 KB 579ms
578ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1761881908530515&correlator=2366543795008847&output=ldjh&impl=fifs&eid=31065293%2C31065486%2C31065569&vrg=2022030702&ptt=17&sc=1&iu_parts=147246189%3A22384346533%2Cwindowsapp.com.se_728x90_desktop_4&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C468x60&ifi=1&adks=709794384&sfv=1-0-38&ecs=20220316&prev_scp=hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.20%26hb_adid%3D359f7cd1e6137aa%26hb_bidder%3Dadform&eri=1&cust_params=hb_rf%3D0%26hb_rf_ct%3D0&cookie_enabled=1&cdm=windowsapp.com.se&abxe=1&dt=1647442303684&lmt=1647442303&dlt=1647442303161&idt=435&biw=1600&bih=1200&isw=728&ish=150&oid=2&adxs=655&adys=1306&ucis=m5bm9n80243g&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=2&url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&top=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x150&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=987707022.1647442304&ga_sid=1647442304&ga_hid=413200076&ga_fc=false&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

298d4f474649f9030c206c12dfed1eaaa43919cfb296113433c26bd7caf31b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12278
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://windowsapp.com.se
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
0404086322d7c381fb85903e1b35d32d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7214 6 KB
4 KB 263ms
133ms Document
text/html 2a00:1450:400e:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0404086322d7c381fb85903e1b35d32d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 16 Mar 2022 14:51:43 GMT
expires: Thu, 16 Mar 2023 14:51:43 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

400

setuid
prebid-stag.setupad.net/ Frame 4331
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631

36 B
36 B

31ms
31ms

Image
text/plain

2606:4700:20::681a:9b2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Server: 2606:4700:20::681a:9b2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 248c5c260b8061ece6b0d78fb45760c32e728018cd13b8e44557f9de44d3ebb0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vVavuFHF0mJfpaEdyqaQPWOh9vwaqm2x%2FxP1mE4%2Blx9OFYuKmBaFv9LpUi6e67rmcgs8Pm32cUIuWebyHTbY0JYzODu8GOU8S7cubXepNvI8PzBWn%2BmwLaHh8pn28%2Fz7FaXPu1G4vuvlRDNcF8BKVZRIGSQh"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
cf-ray: 6ece4efe4ad79b45-FRA
content-length: 36
expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:43 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8f6aac7c-40d2-4893-a1b8-4d7f352ff36f
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F2B5
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBUT00wV0QtNy1BMUtX

170 B
188 B

71ms
71ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBUT00wV0QtNy1BMUtX

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDBUT00wV0QtNy1BMUtX
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F2B5
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/MfNi2GRcM1_sD211VpP4kQ?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=2779659342229516082

0
239 B

15ms
15ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=2779659342229516082
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

date: Wed, 16 Mar 2022 14:51:44 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=2779659342229516082
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

204

v1
ads.yahoo.com/cms/ Frame F2B5
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L0TOM0WD-7-A1KW&sigv=1&esig=2~64941dbdd95dcc8ed27406faf5ec2da583258b98

0
194 B

192ms
37ms

Image
text/plain

2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L0TOM0WD-7-A1KW&sigv=1&esig=2~64941dbdd95dcc8ed27406faf5ec2da583258b98

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L0TOM0WD-7-A1KW&sigv=1&esig=2~64941dbdd95dcc8ed27406faf5ec2da583258b98
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame F2B5
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=REB-GMhOQOyc_Oky7_F9kw&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=REB-GMhOQOyc_Oky7_F9kw

43 B
556 B

109ms
108ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=REB-GMhOQOyc_Oky7_F9kw

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:44 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 94D43PYBCE9HQKWP7R95
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=REB-GMhOQOyc_Oky7_F9kw
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame F2B5 70 B
265 B 195ms
72ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F2B5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm=&google_sc=&google_tc=
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESED4nIl18kl1iaSYxnf-wZCU&google_cver=1

0
239 B

41ms
41ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESED4nIl18kl1iaSYxnf-wZCU&google_cver=1
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESED4nIl18kl1iaSYxnf-wZCU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame F2B5
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=qCI2s0esTNeXxAbZ2VQeLg&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=qCI2s0esTNeXxAbZ2VQeLg

43 B
556 B

60ms
60ms

Image
image/gif

52.94.223.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=qCI2s0esTNeXxAbZ2VQeLg

Protocol

HTTP/1.1

Server

52.94.223.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:44 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8Z5TW08N45XHJJW8C3G1
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=qCI2s0esTNeXxAbZ2VQeLg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 451 709414.gif
id.rlcdn.com/ Frame F2B5 0
0 90ms
59ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 prebid
rtb.openx.net/sync/ Frame 1CC5 43 B
135 B 105ms
67ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/prebid?gdpr=1&gdpr_consent=&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24%7BUID%7D
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 5it9bnq8hvelpgttrmptptjqqbmb7rge

GET
H2 200 prebid
rtb.openx.net/sync/ Frame 4331 43 B
351 B 72ms
65ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/prebid?gdpr=1&gdpr_consent=&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24%7BUID%7D
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 0vqpcda2c8neanennopuj13jojkqblmt

GET
H2 200 prebid
rtb.openx.net/sync/ Frame 2D0E 43 B
134 B 71ms
71ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/prebid?gdpr=1&gdpr_consent=&r=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D1%26gdpr_consent%3D%26uid%3D%24%7BUID%7D
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:43 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: qqdj0lcd6s5c0k67gtk4bmt77s0jv4vu

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1CC5 107 B
122 B 124ms
59ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=windowsapp.com.se

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1CC5 107 B
122 B 122ms
62ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=windowsapp.com.se

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1CC5 54 KB
12 KB 500ms
499ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2809349134643177&correlator=1568257747400409&output=ldjh&impl=fifs&eid=31065568%2C31065632%2C44756894%2C44758229%2C31062931&vrg=2022030201&ptt=17&iu_parts=147246189%3A22384346533%2Cwindowsapp.com.se_980x300_desktop_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C728x90%7C980x300%7C750x100%7C750x150%7C750x200%7C750x300%7C800x250%7C930x180%7C950x90%7C970x90%7C970x210%7C980x120%7C980x150%7C980x200%7C980x240%7C980x250&ifi=1&adks=2309442881&sfv=1-0-38&ecs=20220316&prev_scp=hb_format%3Dbanner%26hb_adid%3D35e66ff3fb2637c%26hb_size%3D970x250%26hb_pb%3D0.10%26hb_bidder%3DadformS2S&eri=1&cust_params=hb_rf%3D0%26hb_rf_ct%3D0&sc=1&cookie_enabled=1&cdm=windowsapp.com.se&abxe=1&dt=1647442303850&lmt=1647442303&dlt=1647442303027&idt=365&biw=1600&bih=1200&isw=980&ish=150&oid=2&adxs=800&adys=482&ucis=4mqmqeopz1f6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=2&url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&top=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&frm=23&vis=1&scr_x=0&scr_y=0&psz=980x150&msz=980x0&fws=256&ohw=0&ea=0&ga_vid=992294624.1647442304&ga_sid=1647442304&ga_hid=414918788&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

c9d175a0331b30bb23e424a8ecd9197f5ea71afcf381c3799434babac836b676

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12365
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://windowsapp.com.se
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
9b243a4d68ee26bf9e4493add40fff07.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E705 6 KB
3 KB 207ms
57ms Document
text/html 2a00:1450:400e:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9b243a4d68ee26bf9e4493add40fff07.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 16 Mar 2022 14:51:44 GMT
expires: Thu, 16 Mar 2023 14:51:44 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 um
cs.emxdgt.com/ Frame 8B34 0
0 332ms
30ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

content-type: text/html
date: Wed, 16 Mar 2022 14:51:43 GMT
content-length: 0

GET
H2 204 um
cs.emxdgt.com/ Frame BD01 0
0 330ms
30ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

content-type: text/html
date: Wed, 16 Mar 2022 14:51:43 GMT
content-length: 0

GET
H2 204 um
cs.emxdgt.com/ Frame 3445 0
0 301ms
31ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?ssp=pbs&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Demx_digital%26uid%3D%24UID
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

content-type: text/html
date: Wed, 16 Mar 2022 14:51:43 GMT
content-length: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 4331 107 B
122 B 49ms
48ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=windowsapp.com.se

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 4331 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=windowsapp.com.se

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 4331 18 KB
10 KB 514ms
514ms XHR
text/plain 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3297426864033291&correlator=1988861544964820&eid=31065632%2C31065651%2C21068767&output=ldjh&gdfp_req=1&vrg=2022031001&ptt=17&impl=fifs&iu_parts=147246189%3A22384346533%2Cwindowsapp.com.se_300x250_desktop_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C250x250&ifi=1&adks=3653985131&sfv=1-0-38&ecs=20220316&fsapi=false&prev_scp=hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.09%26hb_adid%3D35765dab9264483%26hb_bidder%3Dadform&eri=1&cust_params=hb_rf%3D0%26hb_rf_ct%3D0&sc=1&cookie_enabled=1&cdm=windowsapp.com.se&abxe=1&dt=1647442303934&lmt=1647442303&dlt=1647442303204&idt=437&biw=1600&bih=1200&isw=300&ish=150&adxs=655&adys=1416&oid=2&ucis=i0085n27z5c9&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=2&url=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&top=https%3A%2F%2Fwindowsapp.com.se%2F1058455218%2Fhogia-mypayslip&frm=23&vis=1&scr_x=0&scr_y=0&psz=300x150&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=874690692.1647442304&ga_sid=1647442304&ga_hid=471249028&ga_fc=false&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

03011da94b0c8b7fced2c1bec091b94869b8973cf38634f9ce05ae82c815b43e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10011
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://windowsapp.com.se
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5446 6 KB
3 KB 123ms
57ms Document
text/html 2a00:1450:400e:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:801::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Wed, 16 Mar 2022 14:51:44 GMT
expires: Thu, 16 Mar 2023 14:51:44 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4331 14 KB
11 KB 109ms
42ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022031001&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d33f53567c4e23c98125a22a423f57d28098b944771e07033c98ea6a25f3ee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10542
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1CC5 14 KB
11 KB 107ms
43ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030201&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8de5d714ed7801fffddf4abe98608c15c70b4e0c158f9763806dbb334f583965

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10703
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2D0E 14 KB
11 KB 114ms
51ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030702&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

892a61f2f9f5d837751aae3a24438189a804567eed9abe111223309bc554d703

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10712
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202142035000/ Frame D999 220 KB
61 KB 97ms
8ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed7385b2ca535f7f90bb14266ddd68d64393f41d1559cbb4af01ece4dd36b8fb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61563
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "74cdf3878bfbef53"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame D999 16 KB
6 KB 110ms
21ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32b8fae56a7edbfe89e7f7fd22aa7df75546183f81660692c9cf03d3c8d914ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5733
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42a91727bcc93df1"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame D999 96 KB
29 KB 113ms
24ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e02189b6990b38c43207a8c0c206a2fda1833e7b7401fa42af72671e62f43a5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29577
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42f1ed997a28c2a2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame D999 5 KB
2 KB 114ms
25ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3110966fa73dac64901ac2cec67656155bb9717286b7b0da0544cdd8ae7c888d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1873
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8e63b195883091b5"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame D999 42 KB
13 KB 114ms
26ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac2a6bdf3640e1213ba9a0a900ea6864a0274b080ba3bcf05ff245bfabb5eba0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13633
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d3c67c66f710e82a"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame D999 8 KB
1 KB 37ms
36ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 14:39:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 16 Mar 2022 14:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 16 Mar 2022 14:51:44 GMT

GET
H2 200 sv.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D999 2 KB
2 KB 79ms
20ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/sv.png

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8a156849b40fa6cc8f51b9aaade18f983bdd7c626fc89a5df98dbdc9d6c57f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 03:12:51 GMT
x-content-type-options: nosniff
server: cafe
age: 41933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 8255909099252761064
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2276
x-xss-protection: 0
expires: Thu, 17 Mar 2022 03:12:51 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame D999 295 B
757 B 75ms
16ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 17919
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Mar 2022 09:53:05 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D999 0
0 81ms
22ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTFI2B2EajZcYKfGIKftedvD1H7_tsMqb_rxWQMfpaTu8YGtj1PdSLo6e70nUAvIIoQCYi_
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D999 0
0 54ms
53ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAOFuf_kxYoW1LoeY3gOijqroC_uZsMtog937reYOvMXr4eMhEAEgjeS9KWCVypGCoAegAf_bisgDyAEJ4AIAqAMByAMKqgSKAk_QyOdqzmngiblLyPECOXr6ht6EDIJJJtg7pcZL-NJHALYzcOa3SODjsPh7jMQD9t6IqWKAQGf9GJ237EXPIJxFLtmiLUJ1mxgqVMCGL97i8Gn3Bq0Iv55nM8nkx8V7LILhCMuji7C63PkdYEfM27SXxalYAOxLgdpvKXXlHp2vw59984nELsRDFtPtjFkND5p0_mxlLThlKKKSO7s5rwTVx-dcwYTKD1OWes-kXB85GdDfgfhkcxZFICEojh4V7gJFxIwUEtbrR6X7YvQYJwBFAI9Iw6CR3_OCTSwqRGjdvbIQt9siH4AMttA2BIK80X3M026KbmK-LqFrgiNRsZfslRIJoici-odEwATR2caZswPgBAGSBQQIBBgBkgUECAUYBKAGLoAH8O6sogKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDeuzLSCAkIiOGAEBABGB2ACgPICwG4E4gn2BMMiBQC0BUBgBcBshceChwIABIUcHViLTczODMxNzE4MzA2MTQyMTYYleIf&sigh=jY9Fs3CSx3w&uach_m=[UACH]&cid=CAQSLgCNIrLM1jWzqt-X2eQV-14NCEUQOgcYFRYCLcMogon8ENLXB6DC1WLz3bFKYakYAQ&template_id=5000
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4331 17 KB
7 KB 73ms
34ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Mar 2022 14:51:44 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1CC5 17 KB
6 KB 92ms
58ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Mar 2022 14:51:44 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2D0E 17 KB
6 KB 67ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030702.js?cb=31065569

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Mar 2022 14:51:44 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/12283849878675885969/ Frame D999 3 KB
4 KB 15ms
15ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12283849878675885969/downsize_200k_v1?w=195&h=102

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f813ef29ce8ca621643ee09eb30494844119bb744430e5dff666c774dddc5dfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sat, 12 Mar 2022 22:10:23 GMT
x-content-type-options: nosniff
age: 319281
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3463
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 22:19:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 12 Mar 2023 22:10:23 GMT

GET
DATA 200
OK truncated
/ Frame D999 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D999 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D999 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 300b2941c0245ca9b54e376050d358e9e078d494e7bf734a3e3ecab8c7665b55

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame D999 28 KB
28 KB 37ms
9ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://windowsapp.com.se
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 22:47:37 GMT
x-content-type-options: nosniff
age: 57847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 21:57:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Mar 2023 22:47:37 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202142035000/ Frame 0AAB 220 KB
60 KB 52ms
19ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed7385b2ca535f7f90bb14266ddd68d64393f41d1559cbb4af01ece4dd36b8fb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61563
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "74cdf3878bfbef53"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame 0AAB 16 KB
6 KB 50ms
18ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32b8fae56a7edbfe89e7f7fd22aa7df75546183f81660692c9cf03d3c8d914ba

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5733
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42a91727bcc93df1"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame 0AAB 96 KB
29 KB 68ms
37ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e02189b6990b38c43207a8c0c206a2fda1833e7b7401fa42af72671e62f43a5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29577
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "42f1ed997a28c2a2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame 0AAB 5 KB
2 KB 50ms
18ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3110966fa73dac64901ac2cec67656155bb9717286b7b0da0544cdd8ae7c888d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1873
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8e63b195883091b5"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202142035000/v0/ Frame 0AAB 42 KB
13 KB 67ms
36ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202142035000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ac2a6bdf3640e1213ba9a0a900ea6864a0274b080ba3bcf05ff245bfabb5eba0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 10985
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13633
x-xss-protection: 0
server: sffe
date: Wed, 16 Mar 2022 11:48:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d3c67c66f710e82a"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 16 Mar 2023 11:48:39 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0AAB 8 KB
892 B 66ms
31ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 16 Mar 2022 14:35:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 16 Mar 2022 14:51:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 16 Mar 2022 14:51:44 GMT

GET
H3 200 sv.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0AAB 2 KB
2 KB 51ms
17ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/sv.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8a156849b40fa6cc8f51b9aaade18f983bdd7c626fc89a5df98dbdc9d6c57f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 03:12:51 GMT
x-content-type-options: nosniff
server: cafe
age: 41933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 8255909099252761064
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2276
x-xss-protection: 0
expires: Thu, 17 Mar 2022 03:12:51 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0AAB 295 B
319 B 49ms
15ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030201.js?cb=31065568

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 17919
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Mar 2022 09:53:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0AAB 0
0 64ms
30ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQDz3UWqUg5NRtxDHX7L4Wr06qcc8kJpgp1vOQmTE-LmS0oE155vgQNlz0IbSGdEN7z2djxj8tWyKPFImdp86WA0mx49A
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0AAB 0
0 42ms
42ms Image
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CGErof_kxYunJN9KbgAfK2ZbwBvuZsMtog937reYOkZ3rj8AfEAEgjeS9KWCVypGCoAegAf_bisgDyAEJ4AIAqAMByAMKqgSLAk_QTROCRiDTRkLe-eJgJIR01HqCYYTwuhmbE_UVUXBPz4KKesxU8F_C7FzDuoJVoQ5i1WGOUa7A4RIzzoDG8QBUwT71XIEaNsqiOLcU-AeqLm8x4s_nigO90XczRaQN-YmV5kBX7MPHiTQSQdk4aQUpsaHA7zm04xN-yZBc2XpH4XssFWfVN8mSk4ALet_NFdPwKixBEzB6tUtzGlX2br1g2u5-B2-Ru_kjziYcAW3fDl3lBpvChfA-Vc2Tf4hen5LXJcVZe7eArJPpWn4PKwdXtpWW2sqlVsbVoTc3hnowL0WBuhXI0_ybXPRLfgp7E4syGCaA015XowHr07XqOQnt1op0fzibb0ZiWMAE0dnGmbMD4AQBkgUECAQYAZIFBAgFGASgBi6AB_DurKICqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQm-N60ggJCIDhgBAQARgdgAoDyAsBuBOIJ9gTDIgUAtAVAYAXAbIXHgocCAASFHB1Yi03MzgzMTcxODMwNjE0MjE2GJXiHw&sigh=NEXHSwFTD0w&uach_m=[UACH]&template_id=5000
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s53-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EE6C 13 KB
5 KB 20ms
11ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 14:08:16 GMT
expires: Thu, 16 Mar 2023 14:08:16 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2608
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame FCF7 783 B
533 B 33ms
27ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f11ccb62766a957a2fb59d81511a2d9051dd3bbbfaccf0293c2200fb0473c5ba

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-/aLUYuFArDs4tdwWrtQqMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 16 Mar 2022 14:51:44 GMT
date: Wed, 16 Mar 2022 14:51:44 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-/aLUYuFArDs4tdwWrtQqMg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9418 6 KB
3 KB 46ms
18ms Document
text/html 2a00:1450:400e:801::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031001.js?cb=31065651

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:801::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 14:51:44 GMT
expires: Thu, 16 Mar 2023 14:51:44 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BD68 13 KB
5 KB 17ms
16ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 14:08:16 GMT
expires: Thu, 16 Mar 2023 14:08:16 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2608
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7D6A 783 B
536 B 18ms
17ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

809fe728d4d5005f34217c7382252042cba4078bd9a8ae2fb133fa0dc37035ee

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PBNfWUA1gHk4WaHc0Rl2OA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 16 Mar 2022 14:51:44 GMT
date: Wed, 16 Mar 2022 14:51:44 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-PBNfWUA1gHk4WaHc0Rl2OA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 51D4 13 KB
5 KB 15ms
15ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 14:08:16 GMT
expires: Thu, 16 Mar 2023 14:08:16 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 2608
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 61DA 783 B
535 B 17ms
17ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8ca548364084212bc2c70df978e806019145586160d7ef0573d62f2b1d331532

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-O+X3TQGgShCn5SWjsj7sbA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 16 Mar 2022 14:51:44 GMT
date: Wed, 16 Mar 2022 14:51:44 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-O+X3TQGgShCn5SWjsj7sbA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/18312686731199027670/ Frame 0AAB 10 KB
10 KB 15ms
13ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18312686731199027670/downsize_200k_v1?w=400&h=209

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd85f6df92f9ab71cc5d2c85b72ceb8ec601b7ebc40fa32c44aebfed98c4554c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 21:25:12 GMT
x-content-type-options: nosniff
age: 62792
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10237
x-xss-protection: 0
last-modified: Thu, 11 Nov 2021 22:19:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 15 Mar 2023 21:25:12 GMT

GET
DATA 200
OK truncated
/ Frame 0AAB 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0AAB 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 0AAB 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f4e8cdf425ff29dd8fdda98e39b0a94ee79fcf574204b9f81a1da83e6fa0d2fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v42/ Frame 0AAB 28 KB
28 KB 14ms
11ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v42/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://windowsapp.com.se
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 22:47:37 GMT
x-content-type-options: nosniff
age: 57847
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28328
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 21:57:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 15 Mar 2023 22:47:37 GMT

POST
H2 200 node.php Show response
node.setupad.com/node/ Frame 2D0E 0
209 B 67ms
19ms XHR
text/html 159.89.25.223
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://node.setupad.com/node/node.php
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.89.25.223 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET, POST
content-type: text/html; charset=UTF-8

POST
H2 200 node.php Show response
node.setupad.com/node/ Frame 1CC5 0
208 B 21ms
20ms XHR
text/html 159.89.25.223
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://node.setupad.com/node/node.php
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.89.25.223 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET, POST
content-type: text/html; charset=UTF-8

GET
H3 200 sv.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0AAB 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/sv.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8a156849b40fa6cc8f51b9aaade18f983bdd7c626fc89a5df98dbdc9d6c57f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 03:12:51 GMT
x-content-type-options: nosniff
server: cafe
age: 41933
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 8255909099252761064
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2276
x-xss-protection: 0
expires: Thu, 17 Mar 2022 03:12:51 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0AAB 295 B
319 B 9ms
9ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012202142035000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 17919
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 17 Mar 2022 09:53:05 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 72AF 624 B
504 B 20ms
19ms Document
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGM6EtMQBMAE&v=APEucNWk0AMbzNWI42ZBIlzxNrNIZJAEOYd_DPkHhsTAIu-akE9-3kWx220OTm2-MfU-G7F6o8wlmW-AEZFDv8htiEC4puOn8TXXS5Nf3L-dIVE_V9MuqTRjRgY3qrvW-EtX9gMCtTCQboVXtji51fIB5fN2DgOW5Kfm-I8es_gn4HvC9w5jciX7mwisZrunvw5eZfSnTR4dI-HaUiw-cIrcDWBPsaaTkQ

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 16 Mar 2022 14:51:44 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9418 79 KB
33 KB 49ms
48ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BVdBF4msKTYIpvtQWRLSM6i0klC1HCKeO_kNoAlc1AhQvRZ3OIxuypgRAwtmZIvb30OtvIWMqOFYqYtU4nBp3ATgDrVgS8QcENCM8zdtW_uvkUY8FqlTR0SwCm0iSY-asfxBcK7hFAWX912a1LJXcTprKTUw&dbm_d=AKAmf-BjBuxEfKknnFd0NBsmW4oXT2rHi6lY3PlT50tLxVga0gse8neymrwoYcU-G3yTAnvUVFshf02ShBdrVwwA25kGUcEJ4QadGlv0VmsxLCfjBwkg-YR5KhqUfWCHzLHoCSBszNB_4gZWxgi6AXP4ufjJ2HqSSWhDpB3-YXowLdQFVZwB7Z0FOutYaYw9aYWAlQ6S3drdv_LkYzMNHB6Jtck3tWH0EPAuWvKIyQp9QgOv__fkCfRh7ZFKh10rlzBvhlgQl0tMriGRHPAxI7OEtqCBNmk41FgrpxQ9dQ9NwhUxtme6pSEY0rLprSgbN6njEdpupNzMColsO0-U92h0SUKnHYe7jWByVNjBXH3LU4aEcYJKPuO-elafmt9pF3v41kMS5Pme1ftXNwacYP41NAvlxHXtVzf5W_NGMtoyMnOCy0XHPirNv4AOOtK8oIAq6Ya9ICXXF1jMHfGeukVB-M8sp0NN4MFejSMrymZyD35KcZmkyLXjRqz6w1l9UN0DwPvuZslF8L10MJ9rhd0Z3FZARCjzVY0KkEE1BUtowZRw_qxOkFTKsEre6V3gayREVg3D5QKfIajUFWrnxJAXvCXE-UPkwXZmNNthCbHCtMxihohnBZ5ufXUhk9HOxOEMAG8lCxgKB1vV8rWxWYwPePVJVo_s4IZkmb2d-3y02CRbmsQXLuMsJ7Pq0T7tni6_n0EliPPD4YyuD4XvYRZTzBPIbZ9hoyFn6AMeAIg-CJMjCRUFDurLDiMZcZu1_oDL6mQhTM16SQcNNls7PUMhljOQzPTpEaeVoD6ZFM7HyhroIa5iqoJ--YqSbO9awUFkA7vmX51mlfhNDsLzXqD4VJB22BtJeW8wL4OTPXD50hWy0M73lBot2BqmMeIoqQ1h5-wnw6ocHjqD4ivw5ema2FG0VuMxdr5l5T6hJAQzDLR4vrkGWHaKh5EmlczggKom57_fvUxI6naiWX8N4zE4jowOBGbzvs0sIYAjM50PRRMuSc4eO2E43K_3doGI1nWjURDab2rBNK_kgmFOxfND-NfEHGwKxCll0femxcqw_f28WaOcLp261sf0DmGA3NW8aIOQmcdSLz2rlsUvWvZcxxQt54C1sIHiueyeevIbL3cdhJGR8hfs1g_A8lv09kloERy7LcexyObnVjRV_kQzTiInufvd0AyTeXAgR842Rv0bl3kagBm-DLZ-XgG9ixnUz8dEiChphzZDSi4pM5YNpKvh3z51ureNCMy-tJIYBhBi-EwRln_UyHfEVG1Ua1_2Lo6V7UyHKxQjG921GfGZJY8n5lFrhESXvuKj_O0zp8feQRON4BiGfiVkxPdO-N8-WiqxLL9tkTSTBm-DlNQthqVOc9kBfoeVZ5nbsT5KWYL-l9-D3DHum0yq_0Mk41xBfKOaw71RMbZ4GKuq7n2GGNbLr_XJPb58MvcaGsADM6-aWkZ7x0toishuKTt9fbQd8sigBQt2Th_tZo4XewJB7ZOsXUGl7oNRzFsyJ1nDiNDdlN9ggil41cMnwNOXdfkqVx2SELAK1GZtioYMWsY1a70izPdx82DvtVvQFFLvWnPOkYKmsODeVxVBATc1wpKT6Anrq_QbADxT3EjJku3oY7Au83ZBrvEaJHCRuK1Fo27Rf5V49lO69hGvw-Wy2kwmEJ9_uF3_IfRkFFSotJuyIHsIaA_vxXzjqJUfsJcEYHNuGkYYt83pOunfbfohbWQqeK6i90CqDBov8ehIPBrtDEob_0K3uglVXam3omlckp0528vmu_fhl1Aw50YxPV62M59hGUUn-LM2firAI-XoXm9kUFafLJf56F9kKqnAUVQHKUwL8ziuku_ysrknIkqfUvTdZmnuEla2Ezx5WvnhHoNjoiKRAv843_2_9ekzZ3gXSxKBPwIbPL4aEJ_awf_-2Py6DwX6d2LTUPhAoD7wkO9BgiwZjjnEwSxtaMXinecQ1eXrfREh7lyJWXCpMWRWaEiYN4QWlKizuPK_UyVDewCAm98VJv72DubUiNFn83-x6tLfoajH_P1HXraGTwIhUBTHZtWIVHmpmFyHEPTzNT-uKu3nSb92oTQUQN9JIazMhtdwVrZA5hidDacOpjnzNqOe3SLHCD_ft1N0NJW-uq-NC7no_0aPzveobSsTim3Fdf8BKma1ifv495VsH8S9cmNkcb7aiFSUTm0uYWkIQEF9eRz8XNUuWZNJkJ7k8U12rT6CSzDkcGTX6zqRzniSF1ymbZFgSUtfBQJ3ZYdltAVJGFDDGMobAgstYzhCjOpkzOgQQVohM3Rg46tS1c1saam-o3TkUgt3y4utGaQIeQJ11gHjWR_oqlrvJ4i7b0L-UYpvCS6MPlVN39OqkqkQYvjBd-H6_z5bCr3UxTqW-_7XW3m0-lD0dXr2ohnv_sJilYNHJSL_yoFEyjWcCJiz6F1tRCLCFH22XkY3nzUOeHxZw67vCkmv8rnjUk_OxDvSsYrauulfI3qEwacr9Rzr1QIAvpxkNcGABqy2Gva1AO7Vr43yyobQf8_zmWTzve_KYbvKzcB2sgEMnVQRfVf9fX4-tGMtIH2qbGEygPAVODTIdDGJRlQSkBOFYLCfdj6VGdmE0Gg9PQd2SnPxr4QkQ2EGQJMPaoBwVQyjIIVVsQCznFb4E2I74Rv-FqckxGw70cgxPJ3rNMGN5MzDHXwmVShBcUs4V-xQ4nHjn2rlUdLqpxHsFRVd__QbwP0OmDKwHp1HHqCRzUtk8k_BGmbtik9sy2qiPQmIxANhBfpypnML6LUChkRVxzNV3QJ9LNhNmT4oc8BzbdFl6WJsYv1Nago1PTX2ZGOok1IPvMhfOXY7s8Y2SPWWIDU4J_e3Q6ukHZMDRnjP90N2zGMFmJpzAnv3-N9PTQBecOXZ_HKxRa6WFWPzmDuSDGteH_Aaao_JgPrVst6JzCrmq-gZ6k2cjxkTvOfsdnXyonzWfXWzrPDcYM9KwJ5Y9MnuUtpkqiSjTBH0jwZhxHMnCCYJlUWNiC1Eq_yjrm-bXQCmLjFh0D23Cu8PAAvm3qytFqVFo7v4qyJcyP8G_PfWx1F4tnotub_A2oPVSy_reHtm3sYG6LQP2-qab3fX2xv09z5J3u7ExQJfaGtsvAGV8_OSwYK8mRHfWfavht-UD52IjoLauZDIh2ZPyCZLq9v2wTjYmUq5Rn3k6muabyMJIXdjZ391uqk86vGYevu-OqWVmpUmwWLJ0f_EFEwwwNSaOBEgJ2UyoXBjqonLhXMd67LOOr0nAd3u4Tqxw0S4kao4O68lscTE9UOykLqUVRdEpYrXXYSQM64AWoqohAAk6F5uyh4IQ9rjMRaAb_oF8qiT8CsA6XHMjhRcbgZAXHpxGVIv1cnlhcXEiIgC2CV2EblRCdUjxJNeMIYG&cid=CAASJORo2vrTSf6mlxM4Lzd_trOasP90wpAl2fW_Qh61-PuWfpfaOg&rfl=3%2Chttps%253A%252F%252Fwindowsapp.com.se%242%2C%2Chttps%253A%252F%252Fwindowsapp.com.se%252F%240

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

f359298d704a3d9cbd9db23eb19eaa522a75ef367ec5c15e46c3cb8681cd802f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33400
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9418 42 B
63 B 60ms
43ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AFgp-BrFIo9QSAFxO_ymP2WdX7udRwj6QRcyfYAF3j0Orh6iZe4SZVLX56DYDX_lFchjNYpWkyZNdQucBaJgJh7kJyFjwCRSqIastYsNUCeXaf_jE

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:44 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220314/r20110914/client/ Frame 9418 2 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220314/r20110914/client/window_focus_fy2019.js

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:33:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1066
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 14:33:58 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9418 117 KB
36 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36369
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1647258231097430"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Mar 2022 14:51:44 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220314/r20110914/client/ Frame 9418 15 KB
6 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220314/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:48:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 171
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 14:48:53 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame FCF7 0
0 79ms
63ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022031001&jk=3297426864033291&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js Show response
pagead2.googlesyndication.com/bg/ Frame EE6C 35 KB
14 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7c372950a35c41d865890a2fa4ba31bb5896dc186dbb4ea0cc6522281e5f3d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 12:03:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10104
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13798
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 12:03:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7D6A 0
0 63ms
62ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030702&jk=1761881908530515&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 61DA 0
0 63ms
63ms Image
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030201&jk=2809349134643177&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 72AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1&C=1

43 B
1014 B

57ms
57ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGM6EtMQBMAE&v=APEucNWk0AMbzNWI42ZBIlzxNrNIZJAEOYd_DPkHhsTAIu-akE9-3kWx220OTm2-MfU-G7F6o8wlmW-AEZFDv8htiEC4puOn8TXXS5Nf3L-dIVE_V9MuqTRjRgY3qrvW-EtX9gMCtTCQboVXtji51fIB5fN2DgOW5Kfm-I8es_gn4HvC9w5jciX7mwisZrunvw5eZfSnTR4dI-HaUiw-cIrcDWBPsaaTkQ
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:44 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 16 Mar 2022 14:51:44 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:44 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Wed, 16 Mar 2022 14:51:44 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 72AF
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YjH5gI5pKkeYcLYdEw0IoQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1

43 B
1014 B

43ms
43ms

Image
image/gif

104.102.29.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGM6EtMQBMAE&v=APEucNWk0AMbzNWI42ZBIlzxNrNIZJAEOYd_DPkHhsTAIu-akE9-3kWx220OTm2-MfU-G7F6o8wlmW-AEZFDv8htiEC4puOn8TXXS5Nf3L-dIVE_V9MuqTRjRgY3qrvW-EtX9gMCtTCQboVXtji51fIB5fN2DgOW5Kfm-I8es_gn4HvC9w5jciX7mwisZrunvw5eZfSnTR4dI-HaUiw-cIrcDWBPsaaTkQ
Protocol: HTTP/1.1
Server: 104.102.29.65 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-29-65.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:45 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 16 Mar 2022 14:51:45 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESED4w7C_ufxEc8a6nfpKouSE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 72AF
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDiJMv_Q4IYksCwXhKZCDo0&google_cver=1

43 B
1018 B

61ms
60ms

Image
image/gif

185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDiJMv_Q4IYksCwXhKZCDo0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CI-DLxCv7fgBGM6EtMQBMAE&v=APEucNWk0AMbzNWI42ZBIlzxNrNIZJAEOYd_DPkHhsTAIu-akE9-3kWx220OTm2-MfU-G7F6o8wlmW-AEZFDv8htiEC4puOn8TXXS5Nf3L-dIVE_V9MuqTRjRgY3qrvW-EtX9gMCtTCQboVXtji51fIB5fN2DgOW5Kfm-I8es_gn4HvC9w5jciX7mwisZrunvw5eZfSnTR4dI-HaUiw-cIrcDWBPsaaTkQ

Protocol

HTTP/1.1

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:44 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 38dcdd30-5a2b-46d2-ab2f-dcc96952bf08
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:44 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDiJMv_Q4IYksCwXhKZCDo0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 72AF
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxNDcyNDkyMTYwODczNzYzMQ%3D%3D

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxNDcyNDkyMTYwODczNzYzMQ%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:44 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 765c3d75-4507-4d05-817b-bac42ea35a2a
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDIxNDcyNDkyMTYwODczNzYzMQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js Show response
pagead2.googlesyndication.com/bg/ Frame BD68 35 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7c372950a35c41d865890a2fa4ba31bb5896dc186dbb4ea0cc6522281e5f3d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 12:03:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10104
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13798
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 12:03:20 GMT

GET
H3 200 t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js Show response
pagead2.googlesyndication.com/bg/ Frame 51D4 35 KB
14 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7c372950a35c41d865890a2fa4ba31bb5896dc186dbb4ea0cc6522281e5f3d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 12:03:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10104
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13798
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 12:03:20 GMT

GET
H2 200 express_html_obb_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 9418 119 KB
42 KB 45ms
19ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_275.js

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a57cecd2bf4d6d3b8498c67487333f6dc9e102371f5e48ffc7fcf18a6e8487e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
Origin: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 11:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10361
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42555
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:53 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Mar 2022 11:59:03 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220314/r20110914/elements/html/ Frame 9418 8 KB
3 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220314/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BVdBF4msKTYIpvtQWRLSM6i0klC1HCKeO_kNoAlc1AhQvRZ3OIxuypgRAwtmZIvb30OtvIWMqOFYqYtU4nBp3ATgDrVgS8QcENCM8zdtW_uvkUY8FqlTR0SwCm0iSY-asfxBcK7hFAWX912a1LJXcTprKTUw&dbm_d=AKAmf-BjBuxEfKknnFd0NBsmW4oXT2rHi6lY3PlT50tLxVga0gse8neymrwoYcU-G3yTAnvUVFshf02ShBdrVwwA25kGUcEJ4QadGlv0VmsxLCfjBwkg-YR5KhqUfWCHzLHoCSBszNB_4gZWxgi6AXP4ufjJ2HqSSWhDpB3-YXowLdQFVZwB7Z0FOutYaYw9aYWAlQ6S3drdv_LkYzMNHB6Jtck3tWH0EPAuWvKIyQp9QgOv__fkCfRh7ZFKh10rlzBvhlgQl0tMriGRHPAxI7OEtqCBNmk41FgrpxQ9dQ9NwhUxtme6pSEY0rLprSgbN6njEdpupNzMColsO0-U92h0SUKnHYe7jWByVNjBXH3LU4aEcYJKPuO-elafmt9pF3v41kMS5Pme1ftXNwacYP41NAvlxHXtVzf5W_NGMtoyMnOCy0XHPirNv4AOOtK8oIAq6Ya9ICXXF1jMHfGeukVB-M8sp0NN4MFejSMrymZyD35KcZmkyLXjRqz6w1l9UN0DwPvuZslF8L10MJ9rhd0Z3FZARCjzVY0KkEE1BUtowZRw_qxOkFTKsEre6V3gayREVg3D5QKfIajUFWrnxJAXvCXE-UPkwXZmNNthCbHCtMxihohnBZ5ufXUhk9HOxOEMAG8lCxgKB1vV8rWxWYwPePVJVo_s4IZkmb2d-3y02CRbmsQXLuMsJ7Pq0T7tni6_n0EliPPD4YyuD4XvYRZTzBPIbZ9hoyFn6AMeAIg-CJMjCRUFDurLDiMZcZu1_oDL6mQhTM16SQcNNls7PUMhljOQzPTpEaeVoD6ZFM7HyhroIa5iqoJ--YqSbO9awUFkA7vmX51mlfhNDsLzXqD4VJB22BtJeW8wL4OTPXD50hWy0M73lBot2BqmMeIoqQ1h5-wnw6ocHjqD4ivw5ema2FG0VuMxdr5l5T6hJAQzDLR4vrkGWHaKh5EmlczggKom57_fvUxI6naiWX8N4zE4jowOBGbzvs0sIYAjM50PRRMuSc4eO2E43K_3doGI1nWjURDab2rBNK_kgmFOxfND-NfEHGwKxCll0femxcqw_f28WaOcLp261sf0DmGA3NW8aIOQmcdSLz2rlsUvWvZcxxQt54C1sIHiueyeevIbL3cdhJGR8hfs1g_A8lv09kloERy7LcexyObnVjRV_kQzTiInufvd0AyTeXAgR842Rv0bl3kagBm-DLZ-XgG9ixnUz8dEiChphzZDSi4pM5YNpKvh3z51ureNCMy-tJIYBhBi-EwRln_UyHfEVG1Ua1_2Lo6V7UyHKxQjG921GfGZJY8n5lFrhESXvuKj_O0zp8feQRON4BiGfiVkxPdO-N8-WiqxLL9tkTSTBm-DlNQthqVOc9kBfoeVZ5nbsT5KWYL-l9-D3DHum0yq_0Mk41xBfKOaw71RMbZ4GKuq7n2GGNbLr_XJPb58MvcaGsADM6-aWkZ7x0toishuKTt9fbQd8sigBQt2Th_tZo4XewJB7ZOsXUGl7oNRzFsyJ1nDiNDdlN9ggil41cMnwNOXdfkqVx2SELAK1GZtioYMWsY1a70izPdx82DvtVvQFFLvWnPOkYKmsODeVxVBATc1wpKT6Anrq_QbADxT3EjJku3oY7Au83ZBrvEaJHCRuK1Fo27Rf5V49lO69hGvw-Wy2kwmEJ9_uF3_IfRkFFSotJuyIHsIaA_vxXzjqJUfsJcEYHNuGkYYt83pOunfbfohbWQqeK6i90CqDBov8ehIPBrtDEob_0K3uglVXam3omlckp0528vmu_fhl1Aw50YxPV62M59hGUUn-LM2firAI-XoXm9kUFafLJf56F9kKqnAUVQHKUwL8ziuku_ysrknIkqfUvTdZmnuEla2Ezx5WvnhHoNjoiKRAv843_2_9ekzZ3gXSxKBPwIbPL4aEJ_awf_-2Py6DwX6d2LTUPhAoD7wkO9BgiwZjjnEwSxtaMXinecQ1eXrfREh7lyJWXCpMWRWaEiYN4QWlKizuPK_UyVDewCAm98VJv72DubUiNFn83-x6tLfoajH_P1HXraGTwIhUBTHZtWIVHmpmFyHEPTzNT-uKu3nSb92oTQUQN9JIazMhtdwVrZA5hidDacOpjnzNqOe3SLHCD_ft1N0NJW-uq-NC7no_0aPzveobSsTim3Fdf8BKma1ifv495VsH8S9cmNkcb7aiFSUTm0uYWkIQEF9eRz8XNUuWZNJkJ7k8U12rT6CSzDkcGTX6zqRzniSF1ymbZFgSUtfBQJ3ZYdltAVJGFDDGMobAgstYzhCjOpkzOgQQVohM3Rg46tS1c1saam-o3TkUgt3y4utGaQIeQJ11gHjWR_oqlrvJ4i7b0L-UYpvCS6MPlVN39OqkqkQYvjBd-H6_z5bCr3UxTqW-_7XW3m0-lD0dXr2ohnv_sJilYNHJSL_yoFEyjWcCJiz6F1tRCLCFH22XkY3nzUOeHxZw67vCkmv8rnjUk_OxDvSsYrauulfI3qEwacr9Rzr1QIAvpxkNcGABqy2Gva1AO7Vr43yyobQf8_zmWTzve_KYbvKzcB2sgEMnVQRfVf9fX4-tGMtIH2qbGEygPAVODTIdDGJRlQSkBOFYLCfdj6VGdmE0Gg9PQd2SnPxr4QkQ2EGQJMPaoBwVQyjIIVVsQCznFb4E2I74Rv-FqckxGw70cgxPJ3rNMGN5MzDHXwmVShBcUs4V-xQ4nHjn2rlUdLqpxHsFRVd__QbwP0OmDKwHp1HHqCRzUtk8k_BGmbtik9sy2qiPQmIxANhBfpypnML6LUChkRVxzNV3QJ9LNhNmT4oc8BzbdFl6WJsYv1Nago1PTX2ZGOok1IPvMhfOXY7s8Y2SPWWIDU4J_e3Q6ukHZMDRnjP90N2zGMFmJpzAnv3-N9PTQBecOXZ_HKxRa6WFWPzmDuSDGteH_Aaao_JgPrVst6JzCrmq-gZ6k2cjxkTvOfsdnXyonzWfXWzrPDcYM9KwJ5Y9MnuUtpkqiSjTBH0jwZhxHMnCCYJlUWNiC1Eq_yjrm-bXQCmLjFh0D23Cu8PAAvm3qytFqVFo7v4qyJcyP8G_PfWx1F4tnotub_A2oPVSy_reHtm3sYG6LQP2-qab3fX2xv09z5J3u7ExQJfaGtsvAGV8_OSwYK8mRHfWfavht-UD52IjoLauZDIh2ZPyCZLq9v2wTjYmUq5Rn3k6muabyMJIXdjZ391uqk86vGYevu-OqWVmpUmwWLJ0f_EFEwwwNSaOBEgJ2UyoXBjqonLhXMd67LOOr0nAd3u4Tqxw0S4kao4O68lscTE9UOykLqUVRdEpYrXXYSQM64AWoqohAAk6F5uyh4IQ9rjMRaAb_oF8qiT8CsA6XHMjhRcbgZAXHpxGVIv1cnlhcXEiIgC2CV2EblRCdUjxJNeMIYG&cid=CAASJORo2vrTSf6mlxM4Lzd_trOasP90wpAl2fW_Qh61-PuWfpfaOg&rfl=3%2Chttps%253A%252F%252Fwindowsapp.com.se%242%2C%2Chttps%253A%252F%252Fwindowsapp.com.se%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 14:51:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220314/r20110914/ Frame 9418 25 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220314/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:47:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 279
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 14:47:05 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9418 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9454 1 KB
749 B 9ms
8ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Wed, 16 Mar 2022 05:53:44 GMT
expires: Thu, 17 Mar 2022 05:53:44 GMT
cache-control: public, max-age=86400
age: 32280
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 index.html Show response
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/ Frame 4C4E 5 KB
2 KB 23ms
8ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d8fe0d751bdb800d5189557f619c2e3d46b06a8ecd91461ff18b47c56970e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 1654
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 16 Mar 2022 13:50:11 GMT
expires: Thu, 17 Mar 2022 13:50:11 GMT
cache-control: public, max-age=86400
age: 3693
last-modified: Tue, 08 Mar 2022 13:36:53 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9418 0
571 B 72ms
39ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssu8VhXDk1BrpyoiC95MKf12GcRzCgbYM4SBh8rGxaEL0Rt6-BsLklqMM_ojcFyVMa2S6Yn7JYrQRn7m9oZdQvGcc2DfTmN6SiarR5mv-FhrHzdaGLlygaHaNew0OItEcYV1cFQsgswZBEm2bpL-vrUfyWui9CVP--AxkkxUXSssU3JMVC0yZind5ffUGjTXcEfaDSh3mRh9qz48qsYYW4DpJZY-HAKnAD1UwLg1hh_ip2RWIBdillFUHwr8pfL6ygm9w56KC9cxheFN_nsk9HyKD51mzJNKyW4drGMTQxPzLQ49coYaw0cc2MNH4UG9fHkpI4SXFDPq5yNdqIiaDzIgIXJTqZhNWNpPMrKZ9XPCSx3JBqVCkaJcNgfDfbFtlUrVtBrvAaQNH9FPDN3ufKmxdJ56VfrodWcr43yAZdop_QGHnjPHSwagwa39oqckyxOqmWrXJWbfMgcvIvfCbUfli0yCjeBTL1cCbPbkp3eq-lxE-gsZcRjWrWezEMMDqnrhDICFye-6P-O2TLeO9XJvqB5-3_BigWACOwxFRZ6fx_-Y2RusGNQxPNvnIRhM8zrtTI1-6G3dO0bOBhQ2TbsoRezfeVPo_cIpXhz7AXGx47gYNqC2nj0g6zXr_svQVd7DNxWnIF1HMPq-xfUVIhj5C3zl_tKHLMx-EhzunLHg5WH8rFwWdnZF_hHFAcdj3fAOlKBsVP9q9zjmj4aIyIxapzTCurk9MW62k3R29yRQYtzLk84J0oN93ntR_yqs6dskktHPl9gmIh-RehYBmRBPwSN9tb8HFezmfs7FljoKAzuQUAXaW2fZkKNZo3KhbFdAsCHYSfcEnvUpbqNFnJYJqwfqmQfqIP8RCI0pJtBJmf7p7mlYbruHRR0pUVWCbsY0_fL4tTgxibyFLUMwvnU96ikOdz0HAXRd2PIp9t1rurSTpdvIPWSOQmC4mw41Zf4ob_JO6wa7sidm21FV3UJ5AaPcIGtlIXOwF2MmkjkLMOZFfbszslpE0nQbN697LdowbQfFvKJaKHqg9CeNVUb-feibLYUzQpDGXLRqIywdypBGrb-7_5GdE1nGF1xnNP_81u5vJ_a-OlYy_2qBo_wtI4UlcduvDZfQTnQCJ84b9V5VZaXiiIqFoY5F6O_sQpCL5KiFpXarPr5VwSBrP3iAowzd0KAFx3vCmdiWlCO8a__5LnQX_Z3YyyQL_lQ99ZJKfNDVUunreavx3LCEdzpyPzv-Ezh6UUYstc4Pls3RW3CL9qRNq1xqC0axue4Ekz1U3VARnYySfNibLCp2Io9aUAX3M4v_MG3OaDvcmooI8Ob2NS6dSP7Vg03r7WjcygO1zBERw&sai=AMfl-YTSK8tY26frO1W_zMByBvEBugCGn4obYOFgHDEv1Lgzli_Bf6ck-QA_fUfRAPUtqPulUTYJOFWZWbDzHEdjIeaGqVMVnkD6efChZ4Sg3wwCqYrMnXOY4-w1iV-a8zNh9z0ohR2CAx2bA5ArPxRvIltoyEJmBy8NAmDFRibUHOezbC5rQozvSY8562a9LOH7Bq3pHRPR7nEnNpqKB7PKPA&sig=Cg0ArKJSzFBl4w195t9kEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=164&cbvp=1&cstd=158&cisv=r20220314.53645&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 16 Mar 2022 14:51:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
DATA 200
OK truncated
/ Frame 9418 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ccc2051c1c310db2acfc4ddb7e7a171e99206d5c3f7620f8285e592dc6191a9d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame AFC8 22 KB
8 KB 8ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 15 Mar 2022 09:37:02 GMT
expires: Wed, 15 Mar 2023 09:37:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 105282
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad.css
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/css/ Frame 4C4E 1 KB
497 B 9ms
8ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/css/ad.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0433066749ee4fb16495f32ccfac5e2c4ccbc33d627f8b0b7dd5a067890901dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 471
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:40 GMT

GET
H3 200 img1.jpg
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 59 KB
59 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/img1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f177f189390c26badf62561e994632724bb7853f3a4d8f6295ac27197bd281b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:40 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60511
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:40 GMT

GET
H3 200 img2.jpg
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 57 KB
57 KB 28ms
28ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/img2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2243e32e38c264e26c6bdc268c16b9b72dd2eb2d04bb066add053fd51a4ef60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:40 GMT
x-content-type-options: nosniff
age: 83225
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58135
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:40 GMT

GET
H3 200 img3.jpg
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 60 KB
60 KB 27ms
26ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/img3.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1fc20220a096c97f2e0c7ecd5b9d118d266241d5981e28934cca73217969f1ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:40 GMT
x-content-type-options: nosniff
age: 83225
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61183
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:40 GMT

GET
H3 200 txt1.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 12 KB
12 KB 26ms
25ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/txt1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe11ce0457add6457536aa0522f735750f3c80cb5fa3afe2066f4e305933d566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:40 GMT
x-content-type-options: nosniff
age: 83225
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12387
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:40 GMT

GET
H3 200 txt1b.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 5 KB
5 KB 12ms
12ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/txt1b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

409b345fced6a3224914032b35b8dfdcfbb921e1f9ccc856038a1b5c409a6174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:40 GMT
x-content-type-options: nosniff
age: 83225
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5510
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:40 GMT

GET
H3 200 txt2.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 10 KB
10 KB 26ms
25ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/txt2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d380b62514e693944e7fd9cc0e890f0061b5b5bd6eb36b9a36ced810a7f58c84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:41 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10006
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:41 GMT

GET
H3 200 txt2b.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 6 KB
6 KB 27ms
27ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/txt2b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

52e7909abeb47de2addee1a3024b2ffc814c67e7e65e68c886390d0da587fd1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:45:08 GMT
x-content-type-options: nosniff
age: 83197
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5871
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:45:08 GMT

GET
H3 200 txt3.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 14 KB
14 KB 33ms
32ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/txt3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4ca2033aec0384cafe5dd7904ccbcf205a51ffdeb26ea51b1432206bcac516e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:41 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14379
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:41 GMT

GET
H3 200 txt3b.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 8 KB
8 KB 34ms
33ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/txt3b.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c219f318f78435b18998b64eee14c356cd847a05cdc237717111295ac34d5952

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:41 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8673
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:41 GMT

GET
H3 200 cta_img1.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 2 KB
2 KB 38ms
37ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/cta_img1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90f96342fefdfaa355b4f206d9ba68c33a65a232e405d02e97d13452cde08f4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:41 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1710
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:41 GMT

GET
H3 200 cta_img2.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 2 KB
2 KB 38ms
37ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/cta_img2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f5431663ee393313e400fbb9710f5c0b6395436bca452c039ae802a0b6ae9d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:41 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1689
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:41 GMT

GET
H3 200 info_text.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 2 KB
2 KB 39ms
38ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/info_text.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9dde8f4060567c11ca47dab3deef4c16257d00a0181a69f89eb52d69c4057c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:41 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2517
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:41 GMT

GET
H3 200 logo.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 5 KB
5 KB 37ms
36ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9f155f273077f4c9cc5efff09100861b5e7ae509c037732c802ad3b28a53679

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:41 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4690
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:41 GMT

GET
H3 200 btn_info.png
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/ Frame 4C4E 709 B
733 B 37ms
36ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/img/btn_info.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33d41bee0032c7f68066fd12755e3fe4ab04c745f5a05b3fad8b8f62642017f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:41 GMT
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 709
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:41 GMT

GET
H3 200 tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 4C4E 105 KB
35 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.18.0_499ba64a23378545748ff12d372e59e9_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35824
x-xss-protection: 0
last-modified: Fri, 09 Oct 2015 14:01:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 14:51:44 GMT

GET
H3 200 ad.js Show response
s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/js/ Frame 4C4E 9 KB
3 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/js/ad.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fabf7e4baa7ac99f9339ff91d4532a097a6f0e6825eb67541a720ac248a78ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9208292/1646746613975/006_0_5_2AdBundle-MediumRectangle_300x250_Bond_Vorteilswochen_MazdaCX-5_MazdaCX-5_Mazda/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Mar 2022 15:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83224
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2658
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 13:36:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 16 Mar 2022 15:44:40 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 9454 35 B
465 B 46ms
12ms Image
image/gif 2620:116:800d:21:3175:5196:e3fd:8c1d
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEI_DpeLZqzJNplfBcFUtJN4&google_cver=1&google_push=AYg5qPJnC4BTOYO6xnMIWsh-XImq9fwn1s-6tAi940aTDDzIiM1DcsBTstVhdp91YNx23NVSeySUEYRiwq7hVmCgQSpb_PnKZpg

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:45 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 9454
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEE26x12YxsddZdEOIQLNRSU&google_cver=1&google_push=AYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEE26x12YxsddZdEOIQLNRSU&google_cver=1&google_push=AYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs...

43 B
417 B

178ms
167ms

Image
image/gif

2606:4700::6812:c05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEE26x12YxsddZdEOIQLNRSU&google_cver=1&google_push=AYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Server: 2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:45 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6ece4f0a9d9c911e-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:45 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 415
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6ece4f064e63911e-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEE26x12YxsddZdEOIQLNRSU&google_cver=1&google_push=AYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPJNifCyThvvxi_rGNtKUlZYkLbaRAPgnKYDB1zAv5gko0Hb_x7VDGAYRe795hN3DFAyACm-f2qEkRanyGpj0wxpJXrvCMs%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 9454 70 B
264 B 34ms
33ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEPYe_WYM2qWZajwAX2AeH9Y&google_cver=1&google_push=AYg5qPJI4jFN7i7WeUK0W584hq20UupuNRoSgl_duJM-yre-8Sh4WxxCTb6kCGXAnf-eH4dUzLjMQTuCvJV4T68OwIzczdx_F5k
Requested by: Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9454
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEONOOUtSm2IKjuSNrvqCEOk&google_cver=1&google_push=AYg5qPJjd2OVz7tcK4TpppGbGOftQj0sNkGvC5lm_zKPWk6_SgjXyNYEIN7q83u0qSpMUorGExfl_dnG2ORMa...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEONOOUtSm2IKjuSNrvqCEOk&google_push=AYg5qPJjd2OVz7tcK4TpppGbGOftQj0sNkGvC5lm_zKPWk6_SgjXyNYEIN7q83u0qSpMUorGExfl_dnG2ORMa...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJjd2OVz7tcK4TpppGbGOftQj0sNkGvC5lm_zKPWk6_SgjXyNYEIN7q83u0qSpMUorGExfl_dnG2ORMa17ciwCgTJ0MhXHt&google_hm=SGdyUXEwbThPNVJfSVph...

170 B
188 B

19ms
19ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJjd2OVz7tcK4TpppGbGOftQj0sNkGvC5lm_zKPWk6_SgjXyNYEIN7q83u0qSpMUorGExfl_dnG2ORMa17ciwCgTJ0MhXHt&google_hm=SGdyUXEwbThPNVJfSVphZXZadEY=

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:46 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJjd2OVz7tcK4TpppGbGOftQj0sNkGvC5lm_zKPWk6_SgjXyNYEIN7q83u0qSpMUorGExfl_dnG2ORMa17ciwCgTJ0MhXHt&google_hm=SGdyUXEwbThPNVJfSVphZXZadEY=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 236
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9454
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=w0VfD5qbRSmWO8zZYKmtRw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=w0VfD5qbRSmWO8zZYKmtRw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJgsWCLMzJTiq4uw-_y6NvJcZR_Xa4DPbQGPTIrhvfzMQVxP_7L8JR0qGolx2kY7F8NwctzHP-q6fBr3YUej14zT1AIect6

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=w0VfD5qbRSmWO8zZYKmtRw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJgsWCLMzJTiq4uw-_y6NvJcZR_Xa4DPbQGPTIrhvfzMQVxP_7L8JR0qGolx2kY7F8NwctzHP-q6fBr3YUej14zT1AIect6
date: Wed, 16 Mar 2022 14:51:45 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 9454 42 B
233 B 269ms
90ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=11&google_gid=CAESEImaRl0c9fjFhjht5zaJpnc&google_cver=1&google_push=AYg5qPIZNzCUzctzL115C_njm-TLodGkfSWkaBc0q8TB1Vy-let2RKWBRymjtwUUwOolHfMw8SXAFaNb3E7Bf-mnlE9fpnp6LXLs
Requested by: Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:45 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET

pixel
cm.g.doubleclick.net/ Frame 9454
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEJsz-kQ6vDqWXqydo3YcBIM&google_cver=1&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEJsz-kQ6vDqWXqydo3YcBIM&google_cver=1&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGx...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmG...

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9454 0
12 B 16ms
15ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I7VVfCidtNpzOXBWtbcf-nT9oELGVCfsxzmPAthcnurlN6Bye32YwjdRUUGGHR_rFKRGtw

Requested by

Host: 8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
URL: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BD68 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?B9Or1w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 TjpYlOcWKM7YNRcoDyE6vgMo6zJPBqbQyyiG91AfIxw.js Show response
pagead2.googlesyndication.com/bg/ Frame AFC8 35 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/TjpYlOcWKM7YNRcoDyE6vgMo6zJPBqbQyyiG91AfIxw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e3a5894e71628ced83517280f213abe0328eb324f06a6d0cb2886f7501f231c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13855
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 14:51:44 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 51D4 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?LIze5Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EE6C 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?nx1fGA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9418 0
23 B 49ms
32ms Ping
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssu8VhXDk1BrpyoiC95MKf12GcRzCgbYM4SBh8rGxaEL0Rt6-BsLklqMM_ojcFyVMa2S6Yn7JYrQRn7m9oZdQvGcc2DfTmN6SiarR5mv-FhrHzdaGLlygaHaNew0OItEcYV1cFQsgswZBEm2bpL-vrUfyWui9CVP--AxkkxUXSssU3JMVC0yZind5ffUGjTXcEfaDSh3mRh9qz48qsYYW4DpJZY-HAKnAD1UwLg1hh_ip2RWIBdillFUHwr8pfL6ygm9w56KC9cxheFN_nsk9HyKD51mzJNKyW4drGMTQxPzLQ49coYaw0cc2MNH4UG9fHkpI4SXFDPq5yNdqIiaDzIgIXJTqZhNWNpPMrKZ9XPCSx3JBqVCkaJcNgfDfbFtlUrVtBrvAaQNH9FPDN3ufKmxdJ56VfrodWcr43yAZdop_QGHnjPHSwagwa39oqckyxOqmWrXJWbfMgcvIvfCbUfli0yCjeBTL1cCbPbkp3eq-lxE-gsZcRjWrWezEMMDqnrhDICFye-6P-O2TLeO9XJvqB5-3_BigWACOwxFRZ6fx_-Y2RusGNQxPNvnIRhM8zrtTI1-6G3dO0bOBhQ2TbsoRezfeVPo_cIpXhz7AXGx47gYNqC2nj0g6zXr_svQVd7DNxWnIF1HMPq-xfUVIhj5C3zl_tKHLMx-EhzunLHg5WH8rFwWdnZF_hHFAcdj3fAOlKBsVP9q9zjmj4aIyIxapzTCurk9MW62k3R29yRQYtzLk84J0oN93ntR_yqs6dskktHPl9gmIh-RehYBmRBPwSN9tb8HFezmfs7FljoKAzuQUAXaW2fZkKNZo3KhbFdAsCHYSfcEnvUpbqNFnJYJqwfqmQfqIP8RCI0pJtBJmf7p7mlYbruHRR0pUVWCbsY0_fL4tTgxibyFLUMwvnU96ikOdz0HAXRd2PIp9t1rurSTpdvIPWSOQmC4mw41Zf4ob_JO6wa7sidm21FV3UJ5AaPcIGtlIXOwF2MmkjkLMOZFfbszslpE0nQbN697LdowbQfFvKJaKHqg9CeNVUb-feibLYUzQpDGXLRqIywdypBGrb-7_5GdE1nGF1xnNP_81u5vJ_a-OlYy_2qBo_wtI4UlcduvDZfQTnQCJ84b9V5VZaXiiIqFoY5F6O_sQpCL5KiFpXarPr5VwSBrP3iAowzd0KAFx3vCmdiWlCO8a__5LnQX_Z3YyyQL_lQ99ZJKfNDVUunreavx3LCEdzpyPzv-Ezh6UUYstc4Pls3RW3CL9qRNq1xqC0axue4Ekz1U3VARnYySfNibLCp2Io9aUAX3M4v_MG3OaDvcmooI8Ob2NS6dSP7Vg03r7WjcygO1zBERw&sai=AMfl-YTSK8tY26frO1W_zMByBvEBugCGn4obYOFgHDEv1Lgzli_Bf6ck-QA_fUfRAPUtqPulUTYJOFWZWbDzHEdjIeaGqVMVnkD6efChZ4Sg3wwCqYrMnXOY4-w1iV-a8zNh9z0ohR2CAx2bA5ArPxRvIltoyEJmBy8NAmDFRibUHOezbC5rQozvSY8562a9LOH7Bq3pHRPR7nEnNpqKB7PKPA&sig=Cg0ArKJSzFBl4w195t9kEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1448&vt=11&dtpt=1284&dett=3&cstd=158&cisv=r20220314.53645&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9418 7 KB
5 KB 39ms
23ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=latest&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9e59ef7735588fb3589083dc0e57c685ff1b2347fc622e3ad0b7b75ddc6d8f86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5544
x-xss-protection: 0

POST
H2 200 node.php Show response
node.setupad.com/node/ Frame 4331 0
208 B 21ms
21ms XHR
text/html 159.89.25.223
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://node.setupad.com/node/node.php
Requested by: Host: windowsapp.com.se
URL: https://windowsapp.com.se/1058455218/hogia-mypayslip
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.89.25.223 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://windowsapp.com.se/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET, POST
content-type: text/html; charset=UTF-8

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9418 17 KB
6 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_obb_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 16 Mar 2022 14:51:46 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 1CC5 87 KB
28 KB 111ms
47ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 17 Mar 2022 14:51:46 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0AAB 42 B
64 B 39ms
38ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstHo3DeZY-QhL7JjddZXvr_rHVowMee7e2iffljxBGId-d91gusubkaMYz4G23dBbRz9fWPJ2lGICL2Myi0yPxVzL8ZmQalrfogA_rIqulGVvwH_RI8BQ&sai=AMfl-YSPZuIZC1AOpD-Oz2cwN30kL5Dr9xbUTop_jFxH7m5h5jYDjU-gjZct5XPHBSBVD6cnBklhnIZOrM0-Z4j_xOa9UYjxH09M51MVf0UMZZSzQBSoO92hdJLdDt8&sig=Cg0ArKJSzL6xDinwqqubEAE&cid=CAASF-RolDZ0-1nD76PmJ1Sjvx8gUfx7djOa&id=ampim&o=800,332&d=980,300&ss=1600,1200&bs=1600,1200&mcvt=1642&mtos=0,0,0,1642,1642&tos=0,0,0,1642,0&tfs=320&tls=1962&g=100&h=100&tt=1962&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=2309442881

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:46 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 2D0E 87 KB
28 KB 75ms
16ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 17 Mar 2022 14:51:46 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 4331 87 KB
28 KB 95ms
37ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 17 Mar 2022 14:51:46 GMT

GET
H3 200 t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js Show response
pagead2.googlesyndication.com/bg/ Frame 9BD9 35 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/t8NylQo1xB2GWJCi-kujG7WJbcGG27TqDMZSIoHl89E.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7c372950a35c41d865890a2fa4ba31bb5896dc186dbb4ea0cc6522281e5f3d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 12:03:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 10106
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13798
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 11:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 16 Mar 2023 12:03:20 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 14E9 13 KB
5 KB 16ms
16ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=windowsapp.com.se

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

f408ea8d108fb46b0ec7612b384c10211e19f6a21592b34a042751697f4249cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

cache-control: private, max-age=3600
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
server-processing-duration-in-ticks: 2180
date: Wed, 16 Mar 2022 14:51:45 GMT
content-length: 5145
strict-transport-security: max-age=31536000; preload;

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 2D0E 97 KB
31 KB 50ms
18ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 02:42:25 GMT
server: nginx
etag: W/"6226c291-1834f"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 17 Mar 2022 14:51:46 GMT

GET
H2 200 sspmatch-iframe Show response
ads.betweendigital.com/ Frame EC4B 611 B
790 B 13ms
13ms Document
text/html 188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/sspmatch-iframe
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 12f6922511a7b9e6ce9a8339535949b4000d86f987fd6554afe229438a736ee6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

content-type: text/html
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 611

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame DAA3 0
91 B 29ms
21ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.2.1
date: Wed, 16 Mar 2022 14:51:46 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 46BA 52 KB
17 KB 134ms
34ms Document
text/html 104.102.28.239
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.28.239 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-28-239.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Content-Type: text/html
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 17 Mar 2022 14:51:48 GMT
Date: Wed, 16 Mar 2022 14:51:46 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame E0B0 281 B
554 B 8ms
8ms Document
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 14:51:46 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 03F6 926 B
1 KB 63ms
21ms Document
text/html 104.17.119.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.119.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Date: Wed, 16 Mar 2022 14:51:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: THBBha14TFKejWVop+slac2Gat7v7s2Fu4JGgxBkG9B75xNQjO1mn/icIaXCsUesNFddupQ0giY=
x-amz-request-id: 15DG7FS62Q387667
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 93
Expires: Wed, 16 Mar 2022 15:51:46 GMT
Cache-Control: public, max-age=3600
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6ece4f111bf49bf2-FRA
Content-Encoding: gzip

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 4331 97 KB
31 KB 44ms
42ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 02:42:25 GMT
server: nginx
etag: W/"6226c291-1834f"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 17 Mar 2022 14:51:46 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 1CC5 97 KB
31 KB 24ms
24ms XHR
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 02:42:25 GMT
server: nginx
etag: W/"6226c291-1834f"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 17 Mar 2022 14:51:46 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame E659 281 B
554 B 7ms
7ms Document
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 14:51:47 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame F9D4 0
35 B 18ms
17ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.2.1
date: Wed, 16 Mar 2022 14:51:47 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 3359 926 B
1 KB 33ms
32ms Document
text/html 104.17.119.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.119.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Date: Wed, 16 Mar 2022 14:51:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: THBBha14TFKejWVop+slac2Gat7v7s2Fu4JGgxBkG9B75xNQjO1mn/icIaXCsUesNFddupQ0giY=
x-amz-request-id: 15DG7FS62Q387667
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 94
Expires: Wed, 16 Mar 2022 15:51:47 GMT
Cache-Control: public, max-age=3600
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6ece4f12cfb09bf2-FRA
Content-Encoding: gzip

GET
H2 200 sspmatch-iframe Show response
ads.betweendigital.com/ Frame 08BB 0
159 B 12ms
12ms Document
text/html 188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/sspmatch-iframe
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

content-type: text/html
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame E4B5 52 KB
17 KB 33ms
33ms Document
text/html 104.102.28.239
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.28.239 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-28-239.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Content-Type: text/html
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 17 Mar 2022 14:51:49 GMT
Date: Wed, 16 Mar 2022 14:51:47 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame E0B0 32 KB
10 KB 9ms
9ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=85614
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Thu, 17 Mar 2022 14:38:41 GMT

GET
H2

200

match
ads.betweendigital.com/ Frame EC4B
Redirect Chain

https://x.bidswitch.net/sync?ssp=between
https://x.bidswitch.net/ul_cb/sync?ssp=between
https://px.adhigh.net/p/cm/bsw?u=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&bidswitch_ssp_id=between
https://px.adhigh.net/p/cm/bsw?u=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&bidswitch_ssp_id=between&bounced=1
https://x.bidswitch.net/sync?dsp_id=9&user_id=ugi5yZbHbmET.AikABlF_kzapVA&expires=30&ssp=between
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf

68 B
607 B

13ms
12ms

Image
image/png

188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

Location: //ads.betweendigital.com/match?bidder_id=22&external_user_id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf
Date: Wed, 16 Mar 2022 14:51:47 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

match
ads.betweendigital.com/ Frame EC4B
Redirect Chain

https://px.adhigh.net/p/cm/btw
https://px.adhigh.net/p/cm/btw?bounced=1
https://ads.betweendigital.com/match?bidder_id=37&external_user_id=ugi5yZbHbmET.AikABlF_kzapVA

68 B
607 B

12ms
12ms

Image
image/png

188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=37&external_user_id=ugi5yZbHbmET.AikABlF_kzapVA
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:47 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f13-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ads.betweendigital.com/match?bidder_id=37&external_user_id=ugi5yZbHbmET.AikABlF_kzapVA
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 btw
sync.dmp.otm-r.com/match/ Frame EC4B 0
70 B 55ms
13ms Image
text/plain 88.99.28.61
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.dmp.otm-r.com/match/btw?id=92ada6ab-67c0-524b-b7ce-5790d5ffaeef
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 88.99.28.61 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.61.28.99.88.clients.your-server.de
Software: nginx/1.17.10 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 16 Mar 2022 14:51:47 GMT
server: nginx/1.17.10

GET
H2

200

match
ads.betweendigital.com/ Frame EC4B
Redirect Chain

https://sync.bumlam.com/?src=bw1&uid=92ada6ab-67c0-524b-b7ce-5790d5ffaeef
https://sync3.adsniper.ru/?src=ss1&s_data=CAEQABiD88eRBlIFvp7KygpiJDkyYWRhNmFiLTY3YzAtNTI0Yi1iN2NlLTU3OTBkNWZmYWVlZg**
https://sync3.adsniper.ru/?src=ss1&s_data=CAIQARiD88eRBlIFvp7KygpiJDkyYWRhNmFiLTY3YzAtNTI0Yi1iN2NlLTU3OTBkNWZmYWVlZqIBEJqtApSlOBHshuAAJZDAZHw*
https://sync.bumlam.com/?src=bw1&s_data=CAIQABiD88eRBmIkOTJhZGE2YWItNjdjMC01MjRiLWI3Y2UtNTc5MGQ1ZmZhZWVmogEQmq0ClKU4EeyG4AAlkMBkfA**
https://sync.bumlam.com/?src=bw1&s_data=CAIQARiD88eRBmIkOTJhZGE2YWItNjdjMC01MjRiLWI3Y2UtNTc5MGQ1ZmZhZWVmogEQmq0ClKU4EeyG4AAlkMBkfA**
https://ads.betweendigital.com/match?bidder_id=18&external_user_id=9aad0294-a538-11ec-86e0-002590c0647c

68 B
607 B

12ms
12ms

Image
image/png

188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=18&external_user_id=9aad0294-a538-11ec-86e0-002590c0647c
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

Date: Wed, 16 Mar 2022 14:51:47 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://ads.betweendigital.com/match?bidder_id=18&external_user_id=9aad0294-a538-11ec-86e0-002590c0647c
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 14E9
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=windowsapp.com.se&sn=ChromeSyncframe&so=3&topUrl=windowsapp.com.se&bundle=ts_-a19ZblNTTVNCMyUyQlElMkJiaWJxY2hROUdUTWclMkZtZ3ROJTJCU0hrZElW...
https://mug.criteo.com/sid?cpp=T2_3-3xqdzZuSjJrMzNXUHRicHM5bVRoRlNOZ3FGdDJIWUZab3plQTA0ZG1Ub29yNkg4RUpFSStHQnJyWU41M3lOdzU0N3ZFTDUxcHhiTDZSem5BaUFiZGpDRmU0RjU0UXlLamVCR0I1ZXNBRnJZejFrM3FrYjhPbC96ZT...

438 B
633 B

20ms
19ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=T2_3-3xqdzZuSjJrMzNXUHRicHM5bVRoRlNOZ3FGdDJIWUZab3plQTA0ZG1Ub29yNkg4RUpFSStHQnJyWU41M3lOdzU0N3ZFTDUxcHhiTDZSem5BaUFiZGpDRmU0RjU0UXlLamVCR0I1ZXNBRnJZejFrM3FrYjhPbC96ZTZ3RFV4S2t1QVF2QmhBMTR4MXBXdXpsUGlXaXRkUDZuSHdKQ3hZcG5HaTcyU3JreEJGY1k1TFRaVTFucllYN1hreHpLQTFxVk9PdG9BUEs0M0ZFWGppYi9VVVI4cSszekhZMHZIdEdPV3RLcFRaQnFDbFhINm9EMWxZVlpSaEsveGpCR3NVSlJ2czh3eWNjNUtueEdWc3J3VjNNVjR5QzcrYllDdjFLY3h5LzYzNXNtaXhUVT18&cppv=2

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

a67a4010166ceb352c9a3d5f1e588a1593df589a7b7b43e7ce0ce65364aceb76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:46 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4831
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:46 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=T2_3-3xqdzZuSjJrMzNXUHRicHM5bVRoRlNOZ3FGdDJIWUZab3plQTA0ZG1Ub29yNkg4RUpFSStHQnJyWU41M3lOdzU0N3ZFTDUxcHhiTDZSem5BaUFiZGpDRmU0RjU0UXlLamVCR0I1ZXNBRnJZejFrM3FrYjhPbC96ZTZ3RFV4S2t1QVF2QmhBMTR4MXBXdXpsUGlXaXRkUDZuSHdKQ3hZcG5HaTcyU3JreEJGY1k1TFRaVTFucllYN1hreHpLQTFxVk9PdG9BUEs0M0ZFWGppYi9VVVI4cSszekhZMHZIdEdPV3RLcFRaQnFDbFhINm9EMWxZVlpSaEsveGpCR3NVSlJ2czh3eWNjNUtueEdWc3J3VjNNVjR5QzcrYllDdjFLY3h5LzYzNXNtaXhUVT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 2119
content-length: 567
expires: 0

GET
H2 200 sspmatch-iframe Show response
ads.betweendigital.com/ Frame 9474 0
159 B 16ms
16ms Document
text/html 188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/sspmatch-iframe
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

content-type: text/html
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H/1.1 200
OK check.html Show response
biddr.brealtime.com/ Frame 0F98 926 B
1 KB 33ms
16ms Document
text/html 104.17.119.107
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://biddr.brealtime.com/check.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.17.119.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Date: Wed, 16 Mar 2022 14:51:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: THBBha14TFKejWVop+slac2Gat7v7s2Fu4JGgxBkG9B75xNQjO1mn/icIaXCsUesNFddupQ0giY=
x-amz-request-id: 15DG7FS62Q387667
Last-Modified: Tue, 08 Sep 2020 13:51:51 GMT
CF-Cache-Status: HIT
Age: 94
Expires: Wed, 16 Mar 2022 15:51:47 GMT
Cache-Control: public, max-age=3600
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 6ece4f13083e9bf2-FRA
Content-Encoding: gzip

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame 8CC4 0
35 B 30ms
30ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.2.1
date: Wed, 16 Mar 2022 14:51:47 GMT
content-type: text/html
content-length: 20
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame E151 281 B
554 B 19ms
19ms Document
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 14:51:47 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 9476 52 KB
17 KB 64ms
54ms Document
text/html 104.102.28.239
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/postbid/stpd220112.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.102.28.239 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-102-28-239.deploy.static.akamaitechnologies.com
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/

Response headers

Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: "5fc7ff8f-cf34"
Server: nginx/1.13.10
Content-Type: text/html
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Length: 17053
Cache-Control: max-age=86402
Expires: Thu, 17 Mar 2022 14:51:49 GMT
Date: Wed, 16 Mar 2022 14:51:47 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H2 200 bidder_18.html Show response
cache.betweendigital.com/code/ Frame 05B5 4 KB
1 KB 438ms
60ms Document
text/html 31.200.251.83
NETRACK-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=92ada6ab-67c0-524b-b7ce-5790d5ffaeef&CACHEBUSTER=142150
Requested by: Host: ads.betweendigital.com
URL: https://ads.betweendigital.com/sspmatch-iframe
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 31.200.251.83 , Russian Federation, ASN61400 (NETRACK-AS, RU),
Reverse DNS
Software: nginx /
Resource Hash: 0efe00c23297e5c56485eabb6ea548c2669b896704fcb2c426d898148543ccad

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.betweendigital.com/

Response headers

server: nginx
date: Wed, 16 Mar 2022 14:51:47 GMT
content-type: text/html
last-modified: Tue, 08 Jun 2021 15:45:03 GMT
etag: W/"60bf907f-ee9"
content-encoding: gzip
x-cdn-edge-cache: HIT
x-cdn-edge-id: 198
x-cdn-request-id: b05a0df74f0513e12af52d4479caa40d

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 46BA 0
745 B 23ms
22ms Script
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:47 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0f8fe5ca-e393-4598-ab2c-c851f85ff314
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame E659 32 KB
10 KB 8ms
8ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=85614
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Thu, 17 Mar 2022 14:38:41 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame E151 32 KB
10 KB 8ms
8ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=85614
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Thu, 17 Mar 2022 14:38:41 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AFC8 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPFT-gPkxYsWWKIGBx_APoPiOyAYAAAAAOAHgBAI&bg=!39yl3JjNAAZgliNcYJY7ACkAdvg8WuyHmwLrRE8DZ1gliKeAPj56r3W0vmz8cbDXJZK3z9FZZz8ITAIAAAIUUgAAAAJoAQeZA1O688RT_KsxkxbtCg0tYnfITcthCL5rGScVES2sZ7j4f3gSGM5iZMafSjur4g5k-065t4ZDq9C3_yDo_Ef5W7n5tMvt3eIVFBMlf6qR8LXkxlkHCQ-_mX9LqPNS8EoB6qgUV5QASxb8BHkBWy-GMbioHtN3qWX4NVQ4yVShp8Rvhc7JCiIngfg0zfcbjUUuzDPbKZWxHMWzyWTXuA1taDlFVQB8JQZ_i9kKsyDpHYu46X-Q4LE9jS5iEIrF9haZR1-o6EjiRF1y-wxRFIAnwtaqZY1v18KFezKhGmUvdFQlWjDObAA88mEf2d0Vas30PDeJqwglv4Dmxu-1MGO3uOi3UCeYJ45acuww9YRrpCT7_2KRwEK6W5-enWAHuNlmVhzJM3pWBHa29yk4T9Bh-KC7Z1Uvgj5nb4Qb2iu2hcMUA4rQsad_Q2cPewgaZmh5qpwGwOpKgWf7S4VtGJtOLYfH9kEt2igMIWwM8hv0FRJKifU-Xrppbpo26O9aqKrRfUjX0WaqBX5P_baxefp9sehMXj7GP1msuzPG75-q82EjkMlHM6cHl4ez9gazGkyST20JKVF-OcPGq3sVi5eHgILunMGPZZBa-zqqPreJUg9HPaYFxqr9t7-spcHsZ5k98ToGu_lEYZdeABWBiGkyFjAtYym6dH8gTqIwoiSljkWTHFqSQwUUF5uKM8ZOxGYBKHwWJIL74J6Rj2mWvNRJ59L70CnyVSDc-RXsFYhe6I_qI4dtWTTI74y3PqwYnyFiVyLzibJ4BowMBvfLXE27kxyKF_nUS1kco7XaoY6k-kIZDJfo10YA0SZnsRwrr5gcswrKlUEY2cKKnSP7FXjUKw5-Ml2aP4a-V8aKGrN8qhuGmqBWWeJP_AcRy3x8GGPIizLAiJ45t-yewJQPZGnK-tg0GOAf1ynbBT3lU3tLQRhd5QAf1ecXwj_VWyiMOKelnepB2XeftgnbTJnpsJlMt8aSNxdjU6XE_iuBbq5VoGo_F8eG7JlRrYbBb0VTnc2i7vvrmU67x0bohx4f4gj8m8-BDv3iMNUK8Ky4EXX4xqBGOIIcVAUv6UsICd_XftRYMlM3-yYq1cQ1Nr5QI0UBRV993IDeYKvZcxIqgSVcwAj4KkxHUQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1CC5 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030201&jk=2809349134643177&bg=!pqWlpeHNAAZgliNcYJY7ACkAdvg8WqWAOtKgCmHLQ-N_-dfmRre82yNoeh-9W0liB2KbJYIDAheTKwIAAAYKUgAAAAJoAQeZAwR-oDd7dUO2Z5Behdz4Y0gfPjWyZ8bHZPJTy26ugRJW-12wnx2hwc6IQwmDhtzyAfReIoa7ZXxyxb6ys9JmsagciXTAubMyy2dqL0AwPdMW-Ivp2UzeO_e52zrkr04GyWzUcWVg1UOv1yKHf2KI76YWJINeccFb_6vlk43SjK5xnmtYzRERifUGEyrJOfW_zXTYoX6MwAk4ep-JO8CVzK7gwViY3hQh9za3H388zwvNj50qMhNblG56EI0BY8JJ0f9gEJRE_ElLQHz7INmO5yN0CAOYKtSEZbZ3cTxYhf-b0ueM1My7XnAQWqidzuJ04LLe9I7errJ6sGxXkqeKOtGTJdslR4GvzvoOPJVX0DKYpM6oPKF7y1CU4UjFJYj303ghlzhROn1jGm1LYnNnl0PMChhhrVx1H5mgsbHPHlrXLp3feZ1gRoleI6-1l4hvVvNEdgiVl-EsE8KPIkAAHmTrHbtmlHSmYeX4PQH6zERf0MMm5KaWmGqENv_fbhp0FtyOtYeb0vj01t894WKhY_nSCAq0-02ib6HMbzoIGzT2xwWm5lT9p0ZRtgu3RX5y7p6OVHOxG8Ntb7rR-p0ciAN-Ys2hgSVXtUYDE8UA7cuBixUrHT1buSTgwjuoCEcXuhJwZb8F8lAEUXu18GLBKZDAq4OnGxQ7dmakT-zRBbMKyYIYhI2eYq0nOAxrACHAcFV-HaUzu4dVi-Dgd89d3Eki4O6dLvEX4zKmyc3Ckch0k1U-zUbV31Am_Jdw051sOncpOHdzs0rzEZKNjtX81w7_wolDd3v4s8DEbJcA3a5_D0CSmrNZ6-Vp2Xe2Y9dBcRWWf9fsQP9vcwHwxGYUEd1lx-SezURlwAnL_D7KqOcfkTzVTM1SnVzagsV1kxxsyhUVbRWJ30r1HUeXshm5b62mDM6V8GuaIjSNHPIX36_vZzzd6n1c8Wwy9ol5Xx899wsk_Bg1IpiXslHW4gdL8uSXcfTwSbl20ucZ5Z4x8WFa4_xwqdKnQ4LNxm_AbWCtRTlGla3i

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E4B5 0
745 B 49ms
49ms Script
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:47 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2f941540-99a9-4025-86c2-5e4a463ac0d3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 9476 0
745 B 78ms
77ms Script
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:47 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 088be58a-cefc-4eec-85ab-a453403861b9
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2D0E 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030702&jk=1761881908530515&bg=!5-Sl5KDNAAZgliNcYJY7ACkAdvg8Wm-zLfetepLRULUBxygA6FVu6VwUJOMX2hcB8D_Mr-lbGldJLwIAAAbLUgAAAAJoAQcKAAP38UKZAyyr0lhJyjnOsy1CnTsJyWv-3C_3NyL0rDBxaBVzvLtATJunw67SENFL-BL8JrA4FCiXKfOQshktY8mttRQmBN_-XqP6BjMN7XA1E2oyUmQ5I4ntQoUxQ_2H-Y77RVUZwCgltMPSRKHoHbBY_LoAjgcDBW5n5O25_eMRvFCyYGd03EL67_FmxSv0Anviuj8g3MCR8WSecFN_5IqDWbw4_8vKyWS8rADsm_d5Rb1l2gNFM5BaLTPSWMYeJljazetvib4liTS6bnK8TK4wNDFagYFhm2EJcJyCkPTVee-4kXiwgUdvYyJEM5EKnJQy5gXkYQfNS-wxlglzLtRnLFZcgAhiZNbem3Mfy54r5m0gl5mDDoo3EVpxO9IBN8FEMm-c_Ka_PHAhs3kbCX6ddl0pHAPqIF9bItDQbWR2NmstKaQprXQYhr-kUqT-0iCS5qOKRRKPCTrP6zhTm4mc4czFvr3Ui_VTiVij50kC7jCvZPWDrhRdvvJ-MMbv5e_kvMUMgpirlGSS3Q6OYyNXCO9755j1Q-NGQpZSUEFOtQxq2rs5mgwPBMYRvJ_QbQWH-2n3qcVExb1AGPKMW0sNIwPjmYGetgyWGgowo88xtWCyyjazV4KG97bC8231Tt-4oSugD3rlTkOK0A675_Zq_8p8fYdY0NEOxF53lrX9JxstkriyOVpcAaaXZ8WzKQ95ESzKDJDYJPerNC9P6EGdzJFvK6GNw680tR44voMdep0Gy5n-oKXa_OGkb2bze0-eH34d9hLyXbRamm0IFIMonkLzR5YBugtqCzQuO-8UuD_rIteWe9fQVvLPsZvH35qXoHnLCKGzD8BHtlJWF0neXqOxzfTtcpgfxQDbPYZC9AWujCbbBXRL2PcjrB5S-rFz5oxLJj2gEcuXvxBNaFvtLtYIYYct9wPi-q6vj_3Pz7sQjI7xa_4X8_H0hW9FvRaqCxqszEMoKa0U2vYpyPJLw5aBeTGe7akkD0WJ88FXa8GZr-esKFt3qp092jThom7ll4o5VnxHfdaUJW0a_-zoNlwuIL48HHvaZq0uUCwMnlH2tstNGGOVX1Cp7qfxGRTxDA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4331 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022031001&jk=3297426864033291&bg=!MTKlMnbNAAZgliNcYJY7ACkAdvg8WhiotxR5C1RsK5NQ2bdqdAuxj-7euVHeCwmcKtQdxihNmTZwMgIAAAcJUgAAAAFoAQcKACz4-N59qR-tC0Hzupnr6s6kqrQ_4DkUfwUA2XDBdfTVaE543xeBYFu-N7FE6pkDHMfhW_uUD0HfuLwZxxSMcXrlcdtNzMqrirYqSuiQgwZpIiBIQRAoFoIQG-GtE4d14yXL09dlTpZ-z3rPLsVzDI2MpNmpVF7YQCWXWwAHzwZ2O_hNb3f1P9Lqo_idv3TJsjexW75ScWc380H3Z4q6rqZryDQ2OEn0U0ILnNKvhh_bZO9V_LialubzIi3SWYLklaYEmB3SSsUxncJkrv6NhscPtaZDkDIctmDHEGpjFN7Tet6wV_P9cV3PC1WFuj0K9YLwFUM_OlJTA2WvnDDkwTWoWOyVuJGDn9GzfL4nx5PoVejcsG5Ox8HlgyJUG8ZkvgfA4jsuvPJq6qKUm4E_hB1brZs_enFKw9Xfq0Gq620J__k7uB_0bqGqsaI7SsyBFoR4C8RfRc3SvAszClVzsTx8HzSX-qWww9fMRpJ30euyYOpPrcB_8yjdq6ehhQG7u-WAoThpork_hr5d6L8piCwEBi89cp0sAp-wO_F12TvW7VC6AoBQwNVS23A6GmIL8-azIlt3Jbx3lekirxPtTV7S5pngrPbOKzwcqTncm58dQJMyXle3c-ywqg2D8JZYHuHO0_yaqHFXET_dpJxLGhKvmyzXYbwxwpuMwdC99O_isDsrJ5vSNA_zVC_ls3jt77oIex9z-ekN1VamJBHXuHrvOeZ6TNRh5EKSyMPbVOQn9um8mBfdrGrhoWCdbsgKq4Sjj_GTNmvO-iCVgStRqZoLdrHrSPsXzR015qjoeo8wRWxhnNBfeihyTPCtcMClCYeFaN57ye0QltSnscj3pfIL9zvB_fqagHtfMrCDoUbzCwBazSeVwP2IrP2nJ3OV-hFGSQ7yiCwSGQmHhaHtpmAjN-Xkf7jRdXtevzsgy0tFJHs6zxPFeR3KWmAxvmkZjH8-59-JBEg1U8QFtljyKq3aA823HgcWExCcDA7PcQEZUY29mpYOz0oonIW4DG9KGJZnWBVWitRpjqTukOIuYrchrSG7sKOZzdzcMGgudRZPG3opuvNndcLBJ6ZV8XNJA0YyrQql9Ohbzm44NgAiuEx0WSLQj2EJl2IAD1c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://windowsapp.com.se/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:47 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

match
ads.betweendigital.com/ Frame 05B5
Redirect Chain

https://x.bidswitch.net/sync?ssp=between
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dbetween%26expires%3D30%26us...
https://x.bidswitch.net/sync?dsp_id=429&user_id=92ada6ab-67c0-524b-b7ce-5790d5ffaeef&ssp=between&expires=30&user_group=1&gdpr=&gdpr_consent=
https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf

68 B
607 B

12ms
12ms

Image
image/png

188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=22&external_user_id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf
Protocol: H2
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

Redirect headers

Location: //ads.betweendigital.com/match?bidder_id=22&external_user_id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf
Date: Wed, 16 Mar 2022 14:51:47 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

/
sync3.sniperlog.ru/ Frame 05B5
Redirect Chain

https://sync.bumlam.com/?src=aid0
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=9aad0294-a538-11ec-86e0-002590c0647c
https://x01.aidata.io/0.gif?pid=ADSNIPER&id=9aad0294-a538-11ec-86e0-002590c0647c&bounce=1
https://sync.bumlam.com/?src=aid1&uid=5abAQH5JazaO%2FPCnwrIpjA&
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_cm&extra1=5abAQH5JazaO/PCnwrIpjA&extra2=aidata
https://sync3.sniperlog.ru/?src=ggl&extra1=5abAQH5JazaO/PCnwrIpjA&extra2=aidata&google_gid=CAESEEG98zZxwnSFr-gcWTB390s&google_cver=1

43 B
516 B

78ms
7ms

Image
image/gif

31.172.81.172
DE-FIRSTCOLO www....

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync3.sniperlog.ru/?src=ggl&extra1=5abAQH5JazaO/PCnwrIpjA&extra2=aidata&google_gid=CAESEEG98zZxwnSFr-gcWTB390s&google_cver=1
Protocol: HTTP/1.1
Server: 31.172.81.172 , Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE),
Reverse DNS
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:48 GMT
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:47 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync3.sniperlog.ru/?src=ggl&extra1=5abAQH5JazaO/PCnwrIpjA&extra2=aidata&google_gid=CAESEEG98zZxwnSFr-gcWTB390s&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 345
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 551F
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=btwnex&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu

281 B
554 B

7ms
7ms

Document
text/html

104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Requested by: Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=92ada6ab-67c0-524b-b7ce-5790d5ffaeef&CACHEBUSTER=142150
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Wed, 16 Mar 2022 14:51:48 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

server: AkamaiGHost
content-length: 0
location: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
date: Wed, 16 Mar 2022 14:51:48 GMT
access-control-allow-credentials: true
access-control-allow-origin: *

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 551F 32 KB
10 KB 8ms
8ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:48 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=85613
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9539
Expires: Thu, 17 Mar 2022 14:38:41 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 551F 0
239 B 8ms
8ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=btwnex&khaos=L0TOM0WD-7-A1KW
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=btwnex&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

GET
H2

200

142150
www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/ Frame 05B5
Redirect Chain

https://www.tns-counter.ru/V13a****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/142150
https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/142150

43 B
297 B

55ms
55ms

Image
image/gif

2001:6d0:4001::226
TNSMSK-

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/142150
Protocol: H2
Server: 2001:6d0:4001::226 , Russian Federation, ASN52016 (TNSMSK-, RU),
Reverse DNS
Software: ms-counter-3.2.15/1.20.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:48 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: ms-counter-3.2.15/1.20.1
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin: *
content-length: 43
expires: Thu, 01 Jan 1970 00:00:01 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:48 GMT
server: ms-counter-3.2.15/1.20.1
strict-transport-security: max-age=2678400
content-type: image/gif
location: https://www.tns-counter.ru/V13b****betweenx_ru/ru/CP1251/tmsec=betweenx_bx-ban-1/142150
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate
timing-allow-origin: *
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 46BA 0
745 B 15ms
15ms Script
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:48 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d882a1db-6745-4548-9b1c-0c760c59f9a9
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame E4B5 0
745 B 30ms
30ms Script
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:48 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3fc950b4-c73b-4cd0-bd56-43fbe27c38eb
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 9476 0
745 B 19ms
18ms Script
text/html 185.33.221.13
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:48 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: caef9de3-896b-4a5c-8a87-9a1e7bb74fb6
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm.aspx
inv-nets.admixer.net/bs/ Frame 05B5
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=429&user_id=92ada6ab-67c0-524b-b7ce-5790d5ffaeef&expires=60
https://inv-nets.admixer.net/bs/cm.aspx?id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&gdpr=&consent=&gdpr_pd=

43 B
463 B

31ms
9ms

Image
image/gif

146.0.227.110
GODADDY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://inv-nets.admixer.net/bs/cm.aspx?id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&gdpr=&consent=&gdpr_pd=

Protocol

HTTP/1.1

Server

146.0.227.110 , Ascension Island, ASN20773 (GODADDY, DE),

Reverse DNS

Software

nginx /

Resource Hash

281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 14:51:48 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=25
Content-Length: 43
X-Xss-Protection: 0

Redirect headers

Location: //inv-nets.admixer.net/bs/cm.aspx?id=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&gdpr=&consent=&gdpr_pd=
Date: Wed, 16 Mar 2022 14:51:48 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 0776 4 KB
2 KB 31ms
8ms Document
text/html 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=5d1628750185ace

Requested by

Host: cache.betweendigital.com
URL: https://cache.betweendigital.com/code/bidder_18.html?USER_ID=92ada6ab-67c0-524b-b7ce-5790d5ffaeef&CACHEBUSTER=142150

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

e17dfe53d83fac0ad98d09b6b23cc7f96815e682af0ed877631f3976cafb3dc5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1410
strict-transport-security: max-age=15552000

GET
H2

200

d1d26231-f984-4500-aba7-6a7aec66113b
onetag-sys.com/sync/i,1/ Frame 0776
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/d1d26231-f984-4500-aba7-6a7aec66113b

0
290 B

8ms
7ms

Image
text/plain

51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/d1d26231-f984-4500-aba7-6a7aec66113b

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Wed, 16 Mar 2022 14:51:48 GMT
Server: MT3 4256 109297d master zrh-pixel-x4 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/d1d26231-f984-4500-aba7-6a7aec66113b
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Wed, 16 Mar 2022 14:51:47 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame 0776 0
239 B 10ms
10ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

GET
H2

200

2424032671312533712
onetag-sys.com/sync/i,34/ Frame 0776
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=UEgv7yy6BqDgXVJqV_hFbbIGYLB_Gblb8-iXmVF6zqs
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=UEgv7yy6BqDgXVJqV_hFbbIGYLB_Gblb8-iXmVF6zqs
https://onetag-sys.com/sync/i,34/2424032671312533712

0
290 B

15ms
15ms

Image
text/plain

51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/2424032671312533712

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:48 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/2424032671312533712
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

/
onetag-sys.com/match/ Frame 0776
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D1%26gdpr_consent%3D%26uid%3D$UID
https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=4214724921608737631

0
291 B

8ms
8ms

Image
text/plain

51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=4214724921608737631

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Pragma: no-cache
Date: Wed, 16 Mar 2022 14:51:48 GMT
X-Proxy-Origin: 138.199.38.133; 138.199.38.133; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: f202515e-358e-4cab-bcbb-a8cddc3741d1
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://onetag-sys.com/match/?int_id=98&gdpr=1&gdpr_consent=&uid=4214724921608737631
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ Frame 0776 0
239 B 10ms
10ms Image
image/gif 69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=UEgv7yy6BqDgXVJqV_hFbbIGYLB_Gblb8-iXmVF6zqs
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

GET
H2

204

sync
pixel.advertising.com/ups/58198/ Frame 0776
Redirect Chain

https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true&verify=true

0
124 B

12ms
12ms

Image
text/plain

52.59.41.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true&verify=true

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

52.59.41.116 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-59-41-116.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:48 GMT
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://pixel.advertising.com/ups/58198/sync?&gdpr=1&gdpr_consent=&redir=true&verify=true
date: Wed, 16 Mar 2022 14:51:48 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0776
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABf5M2rXCbBddd6AAMmB8AUzXpPwyD-Mp8sQ

170 B
188 B

18ms
18ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABf5M2rXCbBddd6AAMmB8AUzXpPwyD-Mp8sQ

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABf5M2rXCbBddd6AAMmB8AUzXpPwyD-Mp8sQ
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H/1.1 200
OK sync
ssbsync-global.smartadserver.com/api/ Frame 0776 0
75 B 179ms
16ms Image
text/plain 185.86.137.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=1&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:48 GMT
content-length: 0

GET
H2 400 711916.gif
id.rlcdn.com/ Frame 0776 0
0 18ms
15ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/711916.gif?ct=4&cv=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 ImgSync
image8.pubmatic.com/AdServer/ Frame 0776 0
42 B 87ms
13ms Image
text/plain 198.47.127.18
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=1&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26uid%3D%23PMUID
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.18 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 14:51:47 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 0776
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm
https://onetag-sys.com/match/?int_id=106&google_gid=CAESECarEQ_KNt9OvOgee6VtL28&google_cver=1

0
291 B

8ms
8ms

Image
text/plain

51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=106&google_gid=CAESECarEQ_KNt9OvOgee6VtL28&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/match/?int_id=106&google_gid=CAESECarEQ_KNt9OvOgee6VtL28&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame 0776
Redirect Chain

https://ups.analytics.yahoo.com/ups/58488/occ
https://onetag-sys.com/match/?int_id=92&uid=y-1aifE.VE2uGGCUZrt23A.nDVzMDvj0S4fzEvGTE-~A

0
291 B

12ms
12ms

Image
text/plain

51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=92&uid=y-1aifE.VE2uGGCUZrt23A.nDVzMDvj0S4fzEvGTE-~A

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=92&uid=y-1aifE.VE2uGGCUZrt23A.nDVzMDvj0S4fzEvGTE-~A
date: Wed, 16 Mar 2022 14:51:48 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame 0776
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=c74816a9-08ef-4069-947b-eb7a0acbc4ca&ttl=1650034308

43 B
370 B

8ms
8ms

Image
image/gif

51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=c74816a9-08ef-4069-947b-eb7a0acbc4ca&ttl=1650034308

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
content-length: 64
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:48 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=c74816a9-08ef-4069-947b-eb7a0acbc4ca&ttl=1650034308
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

/
onetag-sys.com/match/ Frame 0776
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=59a97357-7a62-467a-9b35-dba62d5ea010&ssp=onetag
https://onetag-sys.com/match/?int_id=30&uid=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&gdpr=&gdpr_consent=&us_privacy=

0
291 B

10ms
10ms

Image
text/plain

51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace

Protocol

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Location: //onetag-sys.com/match/?int_id=30&uid=f48c7abd-e914-483c-87ab-8d5d7ef5cacf&gdpr=&gdpr_consent=&us_privacy=
Date: Wed, 16 Mar 2022 14:51:48 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 match
ads.betweendigital.com/ Frame 0776 68 B
607 B 14ms
14ms Image
image/png 188.42.191.196
SERVERS-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.betweendigital.com/match?bidder_id=129&external_user_id=UEgv7yy6BqDgXVJqV_hFbbIGYLB_Gblb8-iXmVF6zqs
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=5d1628750185ace
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.191.196 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 68
content-type: image/png

GET
H2

200

92ada6ab-67c0-524b-b7ce-5790d5ffaeef
an.yandex.ru/mapuid/betweendigitalis/ Frame 05B5
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43554&callback_url=https%3A%2F%2Fan.yandex.ru%2Fmapuid%2Fbetweendigitalis%2F92ada6ab-67c0-524b-b7ce-5790d5ffaeef
https://an.yandex.ru/mapuid/betweendigitalis/92ada6ab-67c0-524b-b7ce-5790d5ffaeef
https://an.yandex.ru/mapuid/betweendigitalis/92ada6ab-67c0-524b-b7ce-5790d5ffaeef?redir-setuniq=1

43 B
108 B

58ms
58ms

Image
image/gif

2a02:6b8::90
YNDX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://an.yandex.ru/mapuid/betweendigitalis/92ada6ab-67c0-524b-b7ce-5790d5ffaeef?redir-setuniq=1

Protocol

Server

2a02:6b8::90 Moscow, Russian Federation, ASN208722 (YNDX, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:48 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 14:51:48 GMT
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
strict-transport-security: max-age=31536000
content-type: image/gif; charset=utf-8
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Wed, 16 Mar 2022 14:51:48 GMT

Redirect headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:48 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 14:51:48 GMT
strict-transport-security: max-age=31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
location: https://an.yandex.ru/mapuid/betweendigitalis/92ada6ab-67c0-524b-b7ce-5790d5ffaeef?redir-setuniq=1
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
timing-allow-origin: *
x-xss-protection: 1; mode=block
expires: Wed, 16 Mar 2022 14:51:48 GMT

GET
H2 200 sync
t.adx.opera.com/ Frame 05B5 0
410 B 86ms
21ms Image
text/plain 82.145.213.8
NO-OPERA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.adx.opera.com/sync?vendor=60079&uid=92ada6ab-67c0-524b-b7ce-5790d5ffaeef
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 82.145.213.8 , Norway, ASN39832 (NO-OPERA, NO),
Reverse DNS: n-sysadmin-jumpbox-03.feednews.opera.technology
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cache.betweendigital.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 16 Mar 2022 14:51:49 GMT
server: Tengine
access-control-allow-methods: POST, GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

73 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.admixer.net/bs	1970-01-20 03:46:58	Name: am-uid Value: 2bbbe830594a4999814822684bcf0d9d
windowsapp.com.se/	1970-01-20 01:37:29	Name: XSRF-TOKEN Value: eyJpdiI6ImdZV0NZM0tyRG85RWlnYmtTSGpMZ0E9PSIsInZhbHVlIjoia3RTWU9UK2hoVkJQRjVaeXh5OVdoRVwvbDVtaUllK0M3d3hcL2FnS3V1WWFRdTZSME9aamVDQkZZZnhNYVA3K2pMIiwibWFjIjoiZGNiYzNkMDUyMGQxNDgwNDM1NThhYTA2ZDE2MWNkMWE3OWVmYTgzMjg3NDNjMzM4MDVlMzkyMGMwMDI0Y2MwOSJ9
windowsapp.com.se/	1970-01-20 01:37:29	Name: laravel_session Value: eyJpdiI6IlBLaEduankzNGlaNDRhejRWV3hYUmc9PSIsInZhbHVlIjoicnc1SFFQbFZcLzRKU1BlQkFMamtIeFpLNGdtUm9aT3kxQnlXRFlTZ09NK3ozVjdjVXpKb1FidXNRR3pjOFlaUkYiLCJtYWMiOiJmYWQwZDFjNzEwMzBiOWE0NjA4Mjc5Zjc4NWRmM2YyMzNmZjQ5NDI2NGI0NjQ2NWM2YmRkZGU3MTk5OTBiODgyIn0%3D
windowsapp.com.se/	1970-01-20 02:20:34	Name: _pbjs_userid_consent_data Value: 3524755945110770
.windowsapp.com.se/	1970-01-20 10:22:58	Name: _ym_uid Value: 1647442303144902750
.windowsapp.com.se/	1970-01-20 10:22:58	Name: _ym_d Value: 1647442303
.mc.yandex.com/	1970-01-20 01:37:22	Name: sync_cookie_csrf Value: 643906335fake
.windowsapp.com.se/	1970-01-20 01:38:34	Name: _ym_isad Value: 2
.mc.yandex.ru/	1970-01-20 01:37:22	Name: sync_cookie_csrf Value: 330721813fake
.betweendigital.com/	1970-01-20 10:22:58	Name: dc Value: lux1
.betweendigital.com/	1970-01-20 10:22:58	Name: ss Value: 1
.betweendigital.com/	1970-01-20 10:22:58	Name: unm Value: 1
.yandex.com/	1970-01-20 10:22:58	Name: yandexuid Value: 2235501731647442303
.yandex.com/	1970-01-20 10:22:58	Name: yuidss Value: 2235501731647442303
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 90844751647442303
.yandex.com/	1970-01-23 17:13:22	Name: i Value: K3xr0iHXjtSuNq3SAywUmiuyDRkHYA+ltHQX1wDl0yV3IVfi3YvZqZKlV30aicp/Fz4SGudotr7ZAHcF8CIcwt1CdlY=
.yandex.com/	1970-01-20 10:22:58	Name: ymex Value: 1678978303.yrts.1647442303#1678978303.yrtsi.1647442303
.betweendigital.com/	1970-01-20 10:22:58	Name: tuuid Value: 92ada6ab-67c0-524b-b7ce-5790d5ffaeef
.windowsapp.com.se/	1970-01-20 10:58:58	Name: cto_bidid Value: 9Slckl83akV3YjRSRnZjeFFCZEVnMk96bW9rNHBXb0lCNDBKNUZmdWpCNkhVQXl3c3ZSOW1ua3dGdEVFMnFUWFpmeGdndVdwSVd5NjdYcmNwRm1GUnRiaSUyQk5nJTNEJTNE
.rubiconproject.com/	1970-01-20 10:22:58	Name: khaos Value: L0TOM0WD-7-A1KW
.rubiconproject.com/	1970-01-20 10:22:58	Name: audit Value: 1\|naVuGyos1qoPHRM9eI/zOXjc0/aJelRdbjRFtGIHH0sRhTFoERi5fW4S+QQUqdp46Icj134ijdn5YMXxE0ZpFuBxGCOXoSK12dVLwJp9jNzc6UO785F0Pw==
.adnxs.com/	1970-01-20 03:46:58	Name: uuid2 Value: 4214724921608737631
prebid.a-mo.net/	1970-01-20 10:22:58	Name: __amc Value: 1_1647442303_1647442303
.amazon-adsystem.com/	1970-01-21 21:49:51	Name: ad-privacy Value: 0
.amazon-adsystem.com/	1970-01-20 06:23:55	Name: ad-id Value: A1FxY79xOESBu6m7_SYIkkI
.yahoo.com/	1970-01-20 10:23:19	Name: A3 Value: d=AQABBID5MWICEPrvZAbryymik7Kf38WwAvgFEgEBAQFLM2I7YgAAAAAA_eMAAA&S=AQAAArV9TTUu8H5l83GczxHMEFk
.doubleclick.net/	1970-01-20 10:58:58	Name: IDE Value: AHWqTUlAyXrVUbiy9ApUgPnQ77WN4ykQ_oOL0Fvfu3f4OzHXvNIaHJyyXMlnBP086OA
.windowsapp.com.se/	1970-01-20 10:58:58	Name: __gads Value: ID=07249087c5c4e840:T=1647442303:S=ALNI_MaKr1SkL1gAflTeEb3JLPHLm_aSfg
.adnxs.com/	1970-01-20 03:46:58	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Hbx]JHxh!1yIE`fS1ueD1W-044)d+]UfTq2h.g.+)]SV=k2f-l/H'or<1O.SO[VuiD#LP(hw9P-HC_#ttI>)rtzb
.casalemedia.com/	1970-01-20 03:46:58	Name: CMPS Value: 3240
.casalemedia.com/	1970-01-20 10:22:58	Name: CMID Value: YjH5gI5pKkeYcLYdEw0IoQAA
.casalemedia.com/	1970-01-20 03:46:58	Name: CMPRO Value: 1218
.quantserve.com/	1970-01-20 03:46:58	Name: d Value: EGsBCQHWJYEA
.quantserve.com/	1970-01-20 11:07:36	Name: mc Value: 6231f981-01b93-b13d5-daca6
.casalemedia.com/	1970-01-20 10:22:58	Name: CMRUM3 Value: 2d6231f9812760CAESED4w7C_ufxEc8a6nfpKouSE
.casalemedia.com/	1970-01-20 01:38:48	Name: CMST Value: YjH5gGIx+YEA
.360yield.com/	1970-01-20 03:46:58	Name: tuuid Value: f7032974-a3b5-417a-b091-e0f3d4cee9c3
.360yield.com/	1970-01-20 03:46:58	Name: tuuid_lu Value: 1647442305
.pubmatic.com/	1970-01-20 01:38:48	Name: KTPCACOOKIE Value: YES
.zemanta.com/	1970-01-20 10:22:58	Name: zuid Value: HgrQq0m8O5R_IZaevZtF
.pubmatic.com/	1970-01-20 03:46:58	Name: KADUSERCOOKIE Value: C3455F0F-9A9B-4529-963B-CCD960A9AD47
.tribalfusion.com/	1970-01-20 03:46:58	Name: ANON_ID Value: apnseFRkP6j6eCno77El5Ui7fZb2osZd4ItCUTFJ9psvRvYVQpqMQUZdOvT4qmQWMgBslw97w1pRJ4jMgJTQhZcI
.criteo.com/	1970-01-20 10:58:58	Name: uid Value: c49d5831-c5f1-4a05-8bf0-32fa9c247769
.bidswitch.net/	1970-01-20 10:22:58	Name: tuuid Value: f48c7abd-e914-483c-87ab-8d5d7ef5cacf
.bidswitch.net/	1970-01-20 10:22:58	Name: c Value: 1647442307
.bidswitch.net/	1970-01-20 10:22:58	Name: tuuid_lu Value: 1647442307
.windowsapp.com.se/	1970-01-20 10:58:58	Name: cto_bundle Value: qmspLF9ZblNTTVNCMyUyQlElMkJiaWJxY2hROUdUSjBNZnRFcFh0QlN0VUx5QkFEVlpEZHE0YzZBanFNT1lrajVUcyUyQkV1anpCV2FlRWNTUEM2JTJGbVpjT29GZHc0SWVGaUJVRlRKZVYwT2RoYUJIU1o4RmhtaXJubVI2aUNQSllqMzM1ZFpWbWJlVzVyJTJCd21MQzBONVFCdUJZVThGUXdnJTNEJTNE
.adsniper.ru/	1970-01-27 08:49:22	Name: uuid3 Value: IiQ5YWFkMDI5NC1hNTM4LTExZWMtODZlMC0wMDI1OTBjMDY0N2M*
.bumlam.com/	1970-01-27 08:49:22	Name: suuid3 Value: IiQ5YWFkMDI5NC1hNTM4LTExZWMtODZlMC0wMDI1OTBjMDY0N2M*
.adhigh.net/	1970-01-20 10:22:58	Name: gi_u Value: ugi5yZbHbmET.AikABlF_kzapVA
.adhigh.net/	1970-01-20 10:22:58	Name: btw_sync Value: jxG
.adhigh.net/	1970-01-20 10:22:58	Name: bsw_sync Value: jxG
.aidata.io/	1970-01-20 19:08:34	Name: __upin Value: 5abAQH5JazaO/PCnwrIpjA
.aidata.io/	1970-01-20 19:08:34	Name: __upints Value: 1647442307
.sniperlog.ru/	1970-01-20 14:34:58	Name: guid Value: 7E6B692AC617C852
.tns-counter.ru/	1970-01-20 10:22:58	Name: guid Value: 2E21680A6231F984X1647442308
.adsrvr.org/	1970-01-20 10:22:58	Name: TDID Value: c74816a9-08ef-4069-947b-eb7a0acbc4ca
.advertising.com/	1970-01-20 10:24:24	Name: APID Value: UP9b5e41be-a538-11ec-93af-021f01e9bc5a
.analytics.yahoo.com/	1970-01-20 10:22:58	Name: IDSYNC Value: 194o~23se
.adsrvr.org/	1970-01-20 10:22:58	Name: TDCPM Value: CAEYBSABKAIyCwjqicCq59nDOhAFOAE.
.adform.net/	1970-01-20 02:22:00	Name: C Value: 1
.adform.net/	1970-01-20 03:03:46	Name: uid Value: 2424032671312533712
.mathtag.com/	1970-01-20 11:03:17	Name: uuid Value: d1d26231-f984-4500-aba7-6a7aec66113b
.onetag-sys.com/	1970-01-20 19:08:34	Name: OTP Value: eMAVhpegZDTpnN3yNSw4RMXc64GLLV8X2cSG-1cW9vY
.sportradarserving.com/	1970-01-20 10:22:58	Name: zuuid Value: 59a97357-7a62-467a-9b35-dba62d5ea010
.sportradarserving.com/	1970-01-20 10:22:58	Name: c Value: 1647442308
.sportradarserving.com/	1970-01-20 10:22:58	Name: zuuid_lu Value: 1647442308
.sportradarserving.com/	1970-01-20 10:22:58	Name: zuuid_k Value: 1
.sportradarserving.com/	1970-01-20 10:22:58	Name: zuuid_k_lu Value: 1647442308
.betweendigital.com/	1970-01-20 10:22:58	Name: ut Value: YjH5hAALv9Bs2evUrfPKf_g9YRW5vTQFcByOTw==
.yandex.ru/	1970-01-23 17:13:22	Name: yuidss Value: 3002382581647442308
.yandex.ru/	1970-01-23 17:13:22	Name: yandexuid Value: 3002382581647442308
.adx.opera.com/	1970-01-20 02:20:34	Name: UID Value: 5e6de650670a4a378a544c78b6dd87b9

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mc.yandex.com/sync_cookie_image_decide?token=9579.Tzysg3OW7mciijH8Easn93czbixEAYHVbCTb4aZayoxEXc5TZ8NQjnPDY1Ripg9Z-XvU_4A2M9GGccQEaIEGdg%2C%2C.7JmCEe1Fcv6Dpxtv_70DUmx6dJg%2C Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631 Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://prebid-stag.setupad.net/setuid?bidder=adnxs&gdpr=1&gdpr_consent=&uid=4214724921608737631 Message: Failed to load resource: the server responded with a status of 400 ()
other	warning	URL: https://cdn.ampproject.org/rtv/012202142035000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012202142035000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=9wMpdKO1QXqwkeDz1M7pww&google_push=AYg5qPLu-X4KwZeYhz5mYnSFOlLGdZ-IInviroW_s1OWQDxedoEESehPGuAuIBRJhSJGGE_dpQckY5oIE-3WZmGxrjHgU1m3aE1t Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://id.rlcdn.com/711916.gif?ct=4&cv= Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0404086322d7c381fb85903e1b35d32d.safeframe.googlesyndication.com
8b0f5120fd67cca9b3536d9c090fb796.safeframe.googlesyndication.com
9b243a4d68ee26bf9e4493add40fff07.safeframe.googlesyndication.com
a.sportradarserving.com
a.tribalfusion.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ads.betweendigital.com
ads.yahoo.com
adservice.google.com
adservice.google.de
adx.adform.net
ajax.googleapis.com
an.yandex.ru
appfurpc.com.de
b1sync.zemanta.com
bidder.criteo.com
biddr.brealtime.com
cache.betweendigital.com
cdn.ampproject.org
cdn.jsdelivr.net
cm.adform.net
cm.g.doubleclick.net
cms.quantserve.com
cs.emxdgt.com
dmp.adform.net
dsp.adkernel.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hb.emxdgt.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image6.pubmatic.com
image8.pubmatic.com
inv-nets.admixer.net
is1-ssl.mzstatic.com
is3-ssl.mzstatic.com
is4-ssl.mzstatic.com
match.adsrvr.org
mc.yandex.com
mc.yandex.ru
mp.4dex.io
mug.criteo.com
node.setupad.com
onetag-sys.com
pagead2.googlesyndication.com
pixel-eu.rubiconproject.com
pixel.advertising.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prebid-stag.setupad.net
prebid.a-mo.net
prg.smartadserver.com
pubads.g.doubleclick.net
px.adhigh.net
rtb.adxpremium.services
rtb.openx.net
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
script.4dex.io
secure-assets.rubiconproject.com
securepubads.g.doubleclick.net
setupad-d.openx.net
ssbsync-global.smartadserver.com
static.criteo.net
stpd.cloud
sync.bumlam.com
sync.dmp.otm-r.com
sync.mathtag.com
sync3.adsniper.ru
sync3.sniperlog.ru
t.adx.opera.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
ups.analytics.yahoo.com
windowsapp.com.se
www.google.com
www.googletagservices.com
www.tns-counter.ru
x.bidswitch.net
x01.aidata.io
cm.g.doubleclick.net
104.102.28.239
104.102.29.65
104.17.119.107
104.92.74.8
142.250.185.162
142.250.185.194
142.250.185.226
145.40.89.200
146.0.227.110
159.89.25.223
174.137.133.49
178.250.0.157
178.250.0.165
18.185.12.233
18.195.155.181
185.184.8.65
185.29.132.245
185.33.221.13
185.86.137.121
185.86.139.59
188.42.191.196
193.232.150.69
198.47.127.18
198.47.127.19
2001:6d0:4001::226
209.50.60.88
209.54.180.144
23.37.42.132
2602:803:c003:200::61
2606:4700:20::681a:9a9
2606:4700:20::681a:9b2
2606:4700:3030::6815:2a91
2606:4700:3108::ac42:2b03
2606:4700::6810:5714
2606:4700::6812:272
2606:4700::6812:c05
2620:116:800d:21:3175:5196:e3fd:8c1d
2a00:1288:80:807::2
2a00:1450:4001:800::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:811::2001
2a00:1450:4001:813::2002
2a00:1450:4001:828::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:830::200a
2a00:1450:4001:831::2002
2a00:1450:400e:801::2001
2a02:2638:1::13
2a02:2638::3
2a02:26f0:6c00:288::2a1
2a02:26f0:6c00:2ab::2a1
2a02:26f0:6c00:2b7::2a1
2a02:6b8::1:119
2a02:6b8::90
2a05:d018:d29:3602:c713:d832:3f91:5c2a
3.126.56.137
3.64.119.154
31.172.81.158
31.172.81.160
31.172.81.172
31.200.251.83
35.158.25.241
35.227.252.103
35.244.159.8
35.244.174.68
35.71.131.137
37.157.3.28
37.157.3.30
50.31.142.31
51.89.21.20
51.89.9.253
52.59.41.116
52.94.223.167
54.36.238.155
69.173.144.139
69.173.144.165
82.145.213.8
88.99.28.61
89.108.119.43
001acbb15d9c69510c0817e6dde361bff098406fad182ab3c367f86ff3da8343
03011da94b0c8b7fced2c1bec091b94869b8973cf38634f9ce05ae82c815b43e
0433066749ee4fb16495f32ccfac5e2c4ccbc33d627f8b0b7dd5a067890901dc
062f216611c03f1f859b98bd0c77d2fde2d69955ec9ba456b979b41b1e29fb22
0828ff138959647667235067a0290defa35f9000217b30ce6a5b21c1cfc61ef3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0efe00c23297e5c56485eabb6ea548c2669b896704fcb2c426d898148543ccad
0fabf7e4baa7ac99f9339ff91d4532a097a6f0e6825eb67541a720ac248a78ec
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12f6922511a7b9e6ce9a8339535949b4000d86f987fd6554afe229438a736ee6
1844de70f8a19e1bb882b6f7a1161affa42ebe90640ab3415b44819251de0843
1affb8f05c65e07d5d22f1ec86340e534b74fa7321ed4b2c8e7d7b1a697b40e3
1d33f53567c4e23c98125a22a423f57d28098b944771e07033c98ea6a25f3ee0
1e02189b6990b38c43207a8c0c206a2fda1833e7b7401fa42af72671e62f43a5
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1f177f189390c26badf62561e994632724bb7853f3a4d8f6295ac27197bd281b
1fc20220a096c97f2e0c7ecd5b9d118d266241d5981e28934cca73217969f1ec
20e14425f505979525a06f4f2c8bced6ac73c594121a9be1311912a7a3cd5b1b
23e8f7f6a12e07a3a097767ec61c968efcfe8195f10572feae2806b89be4203d
248c5c260b8061ece6b0d78fb45760c32e728018cd13b8e44557f9de44d3ebb0
267a0f89061df3a170cd2660cdeb0c2d0723ec9549a236faf3d7f4c632727d37
281c5ae8bf152f644e12a943ec5d59681e1950c54fb6c0b3cc77539bf5e69340
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2979f9a6e32fc42c3e7406339ee9fe76b31d1b52059776a02b4a7fa6a4fd280a
298d4f474649f9030c206c12dfed1eaaa43919cfb296113433c26bd7caf31b54
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
300b2941c0245ca9b54e376050d358e9e078d494e7bf734a3e3ecab8c7665b55
3110966fa73dac64901ac2cec67656155bb9717286b7b0da0544cdd8ae7c888d
327f60006e399d96d711bc4bc9b08b12cdd2f0a600a3c26edde260b30aa3e6b1
32b8fae56a7edbfe89e7f7fd22aa7df75546183f81660692c9cf03d3c8d914ba
33d41bee0032c7f68066fd12755e3fe4ab04c745f5a05b3fad8b8f62642017f0
381e2684a9bc6cafc83d65738a492211d71d17a8f3f23250f7afdeb98a65cb8a
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d8fe0d751bdb800d5189557f619c2e3d46b06a8ecd91461ff18b47c56970e1e
3f220f3495c96b51b282b05e390230202c948611867f2841cdf8ac30f7fdd427
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
409b345fced6a3224914032b35b8dfdcfbb921e1f9ccc856038a1b5c409a6174
438516fa8162e51e80edee405e616a604df367fb55c5a672be5c9a40f2db651c
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
483f564ec4b5811ac3f677eddb3f659dcd1f9bbe4557bdc62d3a286939503419
499d742344f4b69df1c45273acccf5c6941269f48276e4d52cdabdfbb77a7904
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4ca2033aec0384cafe5dd7904ccbcf205a51ffdeb26ea51b1432206bcac516e5
4d8fc43bffbe520fcff9f4818daaa59adba984204ac253fb4ce9d2f921a737c8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e3a5894e71628ced83517280f213abe0328eb324f06a6d0cb2886f7501f231c
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50ef77c247263fdc6e0308a69334a3064176a1f4803e90eb0b45370231044fb2
52e7909abeb47de2addee1a3024b2ffc814c67e7e65e68c886390d0da587fd1b
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54d53079596a387796deaec74abe239cb3947132cfd04df2a787c183c2f994de
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55d7c24fcedca5f2bb26dd9c3a34ecb431dd61161400da5478b50f190c49bbc8
5870c19909e7a0d0277d4294f0bfd8d4adbaed3d61379092be412e5ad01816f9
59af59ae58cab232e032de6a98a8f63b3ffccf876d81cb97592ee29642b4c5ca
5a57cecd2bf4d6d3b8498c67487333f6dc9e102371f5e48ffc7fcf18a6e8487e
5b55bf7dd15889d4a22f310790e4a465c487f6f55b43cf7667d2726032870a9b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65ac6ddbbaf8393a0ee05b6aaf2d869f0bba38902003fc4a1c37ea813cbaefce
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
687be205607d7985c36d90cacc8d60ef919a61bfc72c630cda50e90467b75879
6a86882782bc143326fece32eb4bb5f659942d8a7af66d4ec22037a53671aa35
6f5d8886ff273181ead99e744c014365107d40411f6e23ee6c0914ac69748b05
7104ee81371b6fb333bd060a02cccb124ca342a0e1194f7dda5eb876a9b3a859
7d65bb65ae2b3d154d304620f525efa1b52d7c777fcd1a866476c6564a921ddf
7f5431663ee393313e400fbb9710f5c0b6395436bca452c039ae802a0b6ae9d9
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
809fe728d4d5005f34217c7382252042cba4078bd9a8ae2fb133fa0dc37035ee
8398a026313c016324f186d1c9b24a46813109d4bc5477d910a683079cbf1434
840a0078483521dfec460304ac9e472a01a30a94b9e282558a1da2dbea3c1106
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
86f7523fd3bff5a6464ace1e296b6e5c864b4a444d833b4decd992da40f658cd
892a61f2f9f5d837751aae3a24438189a804567eed9abe111223309bc554d703
8a2770268fb74d2f9c0463b4b836e2764c553e1ad4e914ae2bc1c31a9230ab78
8ca548364084212bc2c70df978e806019145586160d7ef0573d62f2b1d331532
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8de5d714ed7801fffddf4abe98608c15c70b4e0c158f9763806dbb334f583965
8e9f46162bbfc7c945497aa1ff0633c64c986a2825b39164d176f7beda048a4a
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
90f96342fefdfaa355b4f206d9ba68c33a65a232e405d02e97d13452cde08f4b
968a8e56e4adaf8c135199ebd7f6cc065424ca45974d4dfbeb5607e69fe72fcd
978f46f059f8b7580f0ace9c2a00175c926cb91b1bb69d1b39d7fd3a9e8582ad
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d9ee5b0568153374301fd4320464c2f7b1a34402b379aebe17d4ad5ec066e0c
9e59ef7735588fb3589083dc0e57c685ff1b2347fc622e3ad0b7b75ddc6d8f86
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a67a4010166ceb352c9a3d5f1e588a1593df589a7b7b43e7ce0ce65364aceb76
a67d07f733785876b3192826e76f537e2b9dc0be172ce52c773d30d65f712a07
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9dde8f4060567c11ca47dab3deef4c16257d00a0181a69f89eb52d69c4057c0
a9f155f273077f4c9cc5efff09100861b5e7ae509c037732c802ad3b28a53679
ac02bdf79bde6d69e23d3d3dd2b014934122ca527534bea7246cb5141b3fa138
ac2a6bdf3640e1213ba9a0a900ea6864a0274b080ba3bcf05ff245bfabb5eba0
ac66ac722009b2924b2fc7b8d59b434342feb5f158046a3b4c639473bae9201c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b28a3ac67ab03fb5ed8d06e3a9c75cb395f0dd3768e0d850a02452cb501e661f
b3b613017bdfefc65a5e549f3c8f53a18054df44e256b0816be64174c5b0a371
b64579706b840bc68fd32fdeb4ddcf2d0e8c92c789a55d2b9bca6a1d8101e5d1
b7c372950a35c41d865890a2fa4ba31bb5896dc186dbb4ea0cc6522281e5f3d1
ba92f31903d0ed43a15811c0506b1c357fa04ff643140a3c0e162dfc66cd37eb
bc50bf49cbe79ee49b4ee8b56f26ff4877bc4945c16f260b1481ba2355c96347
bde3399290ccdbda3598eefb7c8c22d0f148e19e4460d3c4f74d62ddafc4db25
bf21717eb9d6b396f3a9a20f66d264678ebbffac2b8bdce1a864b61b7346eaf3
c219f318f78435b18998b64eee14c356cd847a05cdc237717111295ac34d5952
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2243e32e38c264e26c6bdc268c16b9b72dd2eb2d04bb066add053fd51a4ef60
c2ca50b6340d3f0247e56806ab034615c5c1c5398870c95b0be83c0482fb10c1
c39d994e33ee115b35d7872dbea911a99508c74e34629725343b269b5d5233e4
c4856b42b55900626e460d60aefc617623678b087d25e22a874aa1662b262718
c4cd26bc11c1d048476e731bb0bf5dabe1d3d74d2f8c03d0cd897792f83b3424
c9d175a0331b30bb23e424a8ecd9197f5ea71afcf381c3799434babac836b676
ccc2051c1c310db2acfc4ddb7e7a171e99206d5c3f7620f8285e592dc6191a9d
ce9b0028faa50c05c0e68b753212514c1ce4bf266c25c45588f051b7b0c46e97
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1ad3a2ea64fb8d1a6a1cc8606514b06b1fbe862fdf090c0fdcd7f97a4af8c7e
d380b62514e693944e7fd9cc0e890f0061b5b5bd6eb36b9a36ced810a7f58c84
d62d1a20edf87da63c0bbe815a5bed72ef82f6424b6f05be5b108d1c748ecf35
d6ef3fd5623ae5008fa3c70b222291c40e4dcfa493ea5d4ce2b066e0788b1edc
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
df828b82729c8c4e7777acc868455630085929d1c9408cab64427648a1b2bdd5
e17dfe53d83fac0ad98d09b6b23cc7f96815e682af0ed877631f3976cafb3dc5
e2651c08f7fa61aa39c3ffea1803795a9da8e14f04f9a53abe127af4eaeceef9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4c5e9c0d510a455ae0f1615a994f29fd924bba51050d05ed568d2c2a6287568
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e884d8ac399db625523c10398657df0403405b60f0ebd374bfc70d714ba2f58f
e8a156849b40fa6cc8f51b9aaade18f983bdd7c626fc89a5df98dbdc9d6c57f5
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ed6ec6a2b2b965c396c8ad349b94a15cf5945b5d5c64b3b66c38a4699c45d526
ed7385b2ca535f7f90bb14266ddd68d64393f41d1559cbb4af01ece4dd36b8fb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f043ebb16ba3c7aba625be6a885bb05d8749aa4da78600f9ca5599ffd5e0872e
f11ccb62766a957a2fb59d81511a2d9051dd3bbbfaccf0293c2200fb0473c5ba
f359298d704a3d9cbd9db23eb19eaa522a75ef367ec5c15e46c3cb8681cd802f
f408ea8d108fb46b0ec7612b384c10211e19f6a21592b34a042751697f4249cf
f4e8cdf425ff29dd8fdda98e39b0a94ee79fcf574204b9f81a1da83e6fa0d2fa
f789b8326c3f46978381827257e7e71f0aa4b7bade56b616125fb40a000d5ddf
f813ef29ce8ca621643ee09eb30494844119bb744430e5dff666c774dddc5dfa
fd85f6df92f9ab71cc5d2c85b72ceb8ec601b7ebc40fa32c44aebfed98c4554c
fe11ce0457add6457536aa0522f735750f3c80cb5fa3afe2066f4e305933d566
ff28592ae2b0572a76b11239cd63a9c88412201a72ea0e994894f4bcd6d9d4bd
ff6956c6d9b77bdecabeef7eafb5625c810cf5694db1204d0a48e102ecd73c89

windowsapp.com.se Open in urlscan Pro 2606:4700:3030::6815:2a91 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

310 Requests

86 %HTTPS

38 %IPv6

57 Domains

91 Subdomains

70 IPs

13 Countries

2671 kBTransfer

7080 kBSize

73 Cookies

7 Outgoing links

Redirected requests

310 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

windowsapp.com.se Open in urlscan Pro
2606:4700:3030::6815:2a91 Public Scan

Screenshot
Live screenshot

Full Image

310
Requests

86 %
HTTPS

38 %
IPv6

57
Domains

91
Subdomains

70
IPs

13
Countries

2671 kB
Transfer

7080 kB
Size

73
Cookies

310 HTTP transactions
5 data transactions