urlscan.io logo urlscan.io
SecurityTrails logo

heroinvesting.com Open in urlscan Pro
2600:9000:2251:9e00:6:1c12:bd80:93a1  Public Scan

Go To Rescan Add Verdict Report
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaig...
Submission: On November 22 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 94 IPs in 10 countries across 74 domains to perform 401 HTTP transactions. The main IP is 2600:9000:2251:9e00:6:1c12:bd80:93a1, located in United States and belongs to AMAZON-02, US. The main domain is heroinvesting.com. The Cisco Umbrella rank of the primary domain is 216060.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 15th 2023. Valid for: a year.
This is the only time heroinvesting.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
22 2600:9000:225... 16509 (AMAZON-02)
1 2600:9000:223... 16509 (AMAZON-02)
2 23.32.185.60 16625 (AKAMAI-AS)
4 2606:4700:303... 13335 (CLOUDFLAR...)
8 2606:4700:e2:... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
11 2606:4700:10:... 13335 (CLOUDFLAR...)
3 66.225.223.63 3949 (NTTA-3946)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 108.138.1.25 16509 (AMAZON-02)
3 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a02:2638:3::c 44788 (ASN-CRITE...)
1 99.86.4.30 16509 (AMAZON-02)
1 35.244.193.51 15169 (GOOGLE)
2 54.247.19.59 16509 (AMAZON-02)
3 141.95.33.120 16276 (OVH)
1 52.48.81.28 16509 (AMAZON-02)
2 2606:4700:440... 13335 (CLOUDFLAR...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 13.32.119.77 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 162.19.138.82 16276 (OVH)
4 162.55.95.177 24940 (HETZNER-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 46.228.174.115 56396 (AMOBEE)
13 104.238.128.98 20473 (AS-CHOOPA)
1 209.192.253.44 7979 (SERVERS-COM)
1 34.149.50.64 396982 (GOOGLE-CL...)
1 3.73.104.85 16509 (AMAZON-02)
5 51.89.9.252 16276 (OVH)
16 44.196.232.111 14618 (AMAZON-AES)
1 18.202.39.252 16509 (AMAZON-02)
13 2602:803:c003... 26667 (RUBICONPR...)
1 199.212.255.178 25948 (FHMNET)
1 69.166.1.8 27630 (AS-XFERNET)
1 77.245.57.72 36057 (WEBAIR-IN...)
1 95.101.149.35 16625 (AKAMAI-AS)
13 89.149.192.64 60781 (LEASEWEB-...)
12 45.77.105.37 20473 (AS-CHOOPA)
13 34.149.20.76 396982 (GOOGLE-CL...)
19 54.74.229.145 16509 (AMAZON-02)
4 7 104.18.36.155 13335 (CLOUDFLAR...)
1 34.249.240.92 16509 (AMAZON-02)
3 5 145.40.97.66 54825 (PACKET)
1 34.120.63.153 396982 (GOOGLE-CL...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 18.192.193.155 16509 (AMAZON-02)
13 3.127.67.62 16509 (AMAZON-02)
5 7 208.93.169.131 46244 (WEBMD-IDC...)
1 5 63.251.14.14 14744 (INTERNAP-...)
1 178.128.135.204 14061 (DIGITALOC...)
6 54.84.92.154 14618 (AMAZON-AES)
2 34.95.69.49 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
5 67.202.105.24 32748 (STEADFAST)
22 2606:4700:e2:... 13335 (CLOUDFLAR...)
3 4 13.248.245.213 16509 (AMAZON-02)
3 5 3.214.189.170 14618 (AMAZON-AES)
1 23.35.228.23 16625 (AKAMAI-AS)
10 95.101.149.233 16625 (AKAMAI-AS)
1 157.230.14.143 14061 (DIGITALOC...)
1 172.240.155.68 7979 (SERVERS-COM)
1 216.52.2.30 32475 (SINGLEHOP...)
1 172.64.149.180 13335 (CLOUDFLAR...)
4 8 18.195.61.190 16509 (AMAZON-02)
5 5 54.165.78.186 14618 (AMAZON-AES)
4 69.166.1.66 27630 (AS-XFERNET)
10 13 185.89.210.82 29990 (ASN-APPNEX)
3 69.173.144.137 26667 (RUBICONPR...)
7 15.197.193.217 16509 (AMAZON-02)
5 2606:4700:10:... 13335 (CLOUDFLAR...)
3 2a02:fa8:8806... 41041 (VCLK-EU-SE)
4 35.186.253.211 15169 (GOOGLE)
9 10 46.228.174.117 56396 (AMOBEE)
3 3 2001:678:cb4:... ()
3 3.71.149.231 16509 (AMAZON-02)
3 63.32.251.103 16509 (AMAZON-02)
4 185.64.190.79 62713 (AS-PUBMATIC)
3 18.196.51.148 16509 (AMAZON-02)
5 5 81.17.55.123 60781 (LEASEWEB-...)
5 8 216.58.212.162 15169 (GOOGLE)
2 2 185.29.134.244 30419 (MEDIAMATH...)
2 2 23.32.184.20 16625 (AKAMAI-AS)
1 5 172.64.151.101 13335 (CLOUDFLAR...)
4 4 23.197.120.249 16625 (AKAMAI-AS)
1 1 35.214.146.66 15169 (GOOGLE)
27 34.247.233.198 16509 (AMAZON-02)
3 3 35.210.53.219 ()
4 4 35.244.159.8 396982 (GOOGLE-CL...)
3 2a05:d018:d29... 16509 (AMAZON-02)
3 3 54.157.93.233 ()
3 38.91.45.7 398989 (DEEPINTENT)
3 3 70.42.32.127 ()
5 5 37.157.6.232 198622 (ADFORM)
3 23.32.184.192 16625 (AKAMAI-AS)
3 3 211.120.53.201 ()
5 5 185.184.8.90 204995 (RTB-HOUSE...)
1 2 209.54.182.161 16509 (AMAZON-02)
2 2 52.86.26.91 ()
1 178.250.1.9 ()
1 1 34.160.19.107 15169 (GOOGLE)
5 69.173.144.138 26667 (RUBICONPR...)
1 185.64.190.78 62713 (AS-PUBMATIC)
1 2606:4700:e2:... ()
401 94
22    2600:9000:2251:9e00:6:1c12:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
heroinvesting.com
1    2600:9000:223f:3400:3:6d3c:dac0:93a1 (United States)

ASN16509 (AMAZON-02, US)
adgarden.market
2    23.32.185.60 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-185-60.deploy.static.akamaitechnologies.com
amplify.outbrain.com
wave.outbrain.com
4    2606:4700:3036::ac43:9447 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.heroinvesting.com
8    2606:4700:e2::ac40:8b0c (United States)

ASN13335 (CLOUDFLARENET, US)
vrl9rgsahh7mx6ndn.ay.delivery
3    2606:4700::6812:751 (United States)

ASN13335 (CLOUDFLARENET, US)
static.vidazoo.com
11    2606:4700:10::6816:227b (United States)

ASN13335 (CLOUDFLARENET, US)
static.kueezrtb.com
u.kueezrtb.com
track.kueezrtb.com
gtrack.kueezrtb.com
3    66.225.223.63 (Sacramento, United States)

ASN3949 (NTTA-3946, US)
PTR: sa.outbrain.com
tr.outbrain.com
2    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
3    108.138.1.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net
c.amazon-adsystem.com
3    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
2    2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
1    99.86.4.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-30.fra6.r.cloudfront.net
config.aps.amazon-adsystem.com
1    35.244.193.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.193.244.35.bc.googleusercontent.com
lexicon.33across.com
2    54.247.19.59 (Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
d9.flashtalking.com
3    141.95.33.120 (Germany)

ASN16276 (OVH, FR)
PTR: ns3203256.ip-141-95-33.eu
id5-sync.com
1    52.48.81.28 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-81-28.eu-west-1.compute.amazonaws.com
id.crwdcntrl.net
2    2606:4700:4400::6812:2b5a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.confiant-integrations.net
2    2606:4700:20::681a:8a9 (United States)

ASN13335 (CLOUDFLARENET, US)
script.4dex.io
1    13.32.119.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-119-77.fra60.r.cloudfront.net
aax.amazon-adsystem.com
2    2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
3    2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
1    162.19.138.82 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu
lb.eu-1-id5-sync.com
4    162.55.95.177 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.177.95.55.162.clients.your-server.de
api.assertcom.de
1    2606:4700::6812:1691 (United States)

ASN13335 (CLOUDFLARENET, US)
cadmus.script.ac
2    46.228.174.115 (United Kingdom)

ASN56396 (AMOBEE, GB)
targeting.unrulymedia.com
13    104.238.128.98 (Piscataway, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 104.238.128.98.vultrusercontent.com
prebid.cootlogix.com
1    209.192.253.44 (United States)

ASN7979 (SERVERS-COM, US)
colossusssp.com
1    34.149.50.64 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 64.50.149.34.bc.googleusercontent.com
s.seedtag.com
1    3.73.104.85 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-104-85.eu-central-1.compute.amazonaws.com
grid.bidswitch.net
5    51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu
onetag-sys.com
16    44.196.232.111 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-196-232-111.compute-1.amazonaws.com
pbs.nextmillmedia.com
1    18.202.39.252 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
hb.minutemedia-prebid.com
13    2602:803:c003:200::44 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)
fastlane.rubiconproject.com
1    199.212.255.178 (Canada)

ASN25948 (FHMNET, CA)
prebid.dblks.net
1    69.166.1.8 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
1    77.245.57.72 (United States)

ASN36057 (WEBAIR-INTERNET-MTL, US)
cpm.qortex.ai
1    95.101.149.35 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-149-35.deploy.static.akamaitechnologies.com
a.teads.tv
13    89.149.192.64 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
prg.smartadserver.com
12    45.77.105.37 (Piscataway, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 45.77.105.37.vultrusercontent.com
exchange.kueezrtb.com
13    34.149.20.76 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 76.20.149.34.bc.googleusercontent.com
ssc.33across.com
19    54.74.229.145 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
g2.gumgum.com
rtb.gumgum.com
7    104.18.36.155 (None, )

ASN13335 (CLOUDFLARENET, US)
htlb.casalemedia.com
ssum.casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
1    34.249.240.92 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
hb.yellowblue.io
5    145.40.97.66 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)
prebid.a-mo.net
1    34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com
prebid.media.net
1    2606:4700:4400::ac40:994e (United States)

ASN13335 (CLOUDFLARENET, US)
mp.4dex.io
1    18.192.193.155 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-192-193-155.eu-central-1.compute.amazonaws.com
tlx.3lift.com
13    3.127.67.62 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
btlr.sharethrough.com
7    208.93.169.131 (United States)

ASN46244 (WEBMD-IDC1-AS, US)
bid.contextweb.com
bh.contextweb.com
5    63.251.14.14 (United States)

ASN14744 (INTERNAP-BLOCK-4, US)
PTR: 14.14.251.63.unassigned.ord.singlehop.net
ap.lijit.com
1    178.128.135.204 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
brightcombid.marphezis.com
6    54.84.92.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-92-154.compute-1.amazonaws.com
report2.hb.brainlyads.com
2    34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com
i.clean.gg
1    2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    67.202.105.24 (United States)

ASN32748 (STEADFAST, US)
PTR: ip24.67-202-105.static.steadfastdns.net
ssc-cms.33across.com
22    2606:4700:e2::ac40:8e15 (United States)

ASN13335 (CLOUDFLARENET, US)
s.0cf.io
4    13.248.245.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com
eb2.3lift.com
5    3.214.189.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-189-170.compute-1.amazonaws.com
cookies.nextmillmedia.com
1    23.35.228.23 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-23.deploy.static.akamaitechnologies.com
contextual.media.net
10    95.101.149.233 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-149-233.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
1    157.230.14.143 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
sync.cootlogix.com
1    172.240.155.68 (United States)

ASN7979 (SERVERS-COM, US)
sync.colossusssp.com
1    216.52.2.30 (United States)

ASN32475 (SINGLEHOP-LLC, US)
ce.lijit.com
1    172.64.149.180 (United States)

ASN13335 (CLOUDFLARENET, US)
js-sec.indexww.com
8    18.195.61.190 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-61-190.eu-central-1.compute.amazonaws.com
x.bidswitch.net
5    54.165.78.186 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-78-186.compute-1.amazonaws.com
sync.srv.stackadapt.com
4    69.166.1.66 (United States)

ASN27630 (AS-XFERNET, US)
sync.go.sonobi.com
13    185.89.210.82 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
ib.adnxs.com
secure.adnxs.com
3    69.173.144.137 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
prebid-server.rubiconproject.com
7    15.197.193.217 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
5    2606:4700:10::6816:37ce (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.connectad.io
sync-eu.connectad.io
3    2a02:fa8:8806:20::2010 (Singapore)

ASN41041 (VCLK-EU-SE, US)
prebid-match.dotomi.com
4    35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com
rtb.openx.net
10    46.228.174.117 (United Kingdom)

ASN56396 (AMOBEE, GB)
sync.1rx.io
sync.targeting.unrulymedia.com
3    2001:678:cb4:bbbb::11 (None, )

ASN- ()
ad.turn.com
3    3.71.149.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
3    63.32.251.103 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-251-103.eu-west-1.compute.amazonaws.com
ads.servenobid.com
4    185.64.190.79 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image8.pubmatic.com
3    18.196.51.148 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-51-148.eu-central-1.compute.amazonaws.com
match.sharethrough.com
5    81.17.55.123 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
8    216.58.212.162 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net
cm.g.doubleclick.net
2    185.29.134.244 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    23.32.184.20 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-20.deploy.static.akamaitechnologies.com
hbx.media.net
5    172.64.151.101 (United States)

ASN13335 (CLOUDFLARENET, US)
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
ssum.casalemedia.com
4    23.197.120.249 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-120-249.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
1    35.214.146.66 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 66.146.214.35.bc.googleusercontent.com
csync.loopme.me
27    34.247.233.198 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
usersync.gumgum.com
3    35.210.53.219 (None, )

ASN- ()
pool.admedo.com
4    35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
3    2a05:d018:d29:3601:bf9c:a4a:22aa:bd3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
3    54.157.93.233 (None, )

ASN- ()
sync.ipredictive.com
3    38.91.45.7 (Ashburn, United States)

ASN398989 (DEEPINTENT, US)
match.deepintent.com
3    70.42.32.127 (None, )

ASN- ()
b1sync.zemanta.com
5    37.157.6.232 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
3    23.32.184.192 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-192.deploy.static.akamaitechnologies.com
ads.pubmatic.com
3    211.120.53.201 (None, )

ASN- ()
tg.socdm.com
5    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
2    209.54.182.161 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
2    52.86.26.91 (None, )

ASN- ()
i.liadm.com
1    178.250.1.9 (None, )

ASN- ()
dis.criteo.com
1    34.160.19.107 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 107.19.160.34.bc.googleusercontent.com
dmp.brand-display.com
5    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
1    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
1    2606:4700:e2::ac40:861f (None, )

ASN- ()
dblksync.dblks.net
Apex Domain
Subdomains		 Transfer
46 gumgum.com
g2.gumgum.com — Cisco Umbrella Rank: 1591
rtb.gumgum.com — Cisco Umbrella Rank: 1589
usersync.gumgum.com — Cisco Umbrella Rank: 2098
20 KB
35 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 513
eus.rubiconproject.com — Cisco Umbrella Rank: 602
prebid-server.rubiconproject.com — Cisco Umbrella Rank: 776
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 969
token.rubiconproject.com — Cisco Umbrella Rank: 458
105 KB
26 heroinvesting.com
heroinvesting.com — Cisco Umbrella Rank: 216060
cdn.heroinvesting.com — Cisco Umbrella Rank: 406919
924 KB
23 kueezrtb.com
static.kueezrtb.com — Cisco Umbrella Rank: 12118
u.kueezrtb.com — Cisco Umbrella Rank: 13062
track.kueezrtb.com — Cisco Umbrella Rank: 10213
gtrack.kueezrtb.com — Cisco Umbrella Rank: 10209
exchange.kueezrtb.com — Cisco Umbrella Rank: 7864
92 KB
22 0cf.io
s.0cf.io — Cisco Umbrella Rank: 11896
268 KB
21 nextmillmedia.com
pbs.nextmillmedia.com — Cisco Umbrella Rank: 3246
cookies.nextmillmedia.com — Cisco Umbrella Rank: 2836
12 KB
19 33across.com
lexicon.33across.com — Cisco Umbrella Rank: 1497
ssc.33across.com — Cisco Umbrella Rank: 3592
ssc-cms.33across.com — Cisco Umbrella Rank: 923
2 KB
18 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1611
ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1511
ssbsync.smartadserver.com — Cisco Umbrella Rank: 774
8 KB
16 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 984
match.sharethrough.com — Cisco Umbrella Rank: 559
2 KB
14 cootlogix.com
prebid.cootlogix.com — Cisco Umbrella Rank: 4723
sync.cootlogix.com — Cisco Umbrella Rank: 2264
4 KB
13 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 246
secure.adnxs.com — Cisco Umbrella Rank: 495
9 KB
12 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 511
ssum.casalemedia.com — Cisco Umbrella Rank: 1451
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 486
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625
dsum.casalemedia.com
9 KB
12 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
cm.g.doubleclick.net — Cisco Umbrella Rank: 245
171 KB
9 bidswitch.net
grid.bidswitch.net — Cisco Umbrella Rank: 1165
x.bidswitch.net — Cisco Umbrella Rank: 351
2 KB
8 pubmatic.com
image8.pubmatic.com — Cisco Umbrella Rank: 662
ads.pubmatic.com — Cisco Umbrella Rank: 534
image6.pubmatic.com — Cisco Umbrella Rank: 823
18 KB
8 openx.net
rtb.openx.net — Cisco Umbrella Rank: 695
us-u.openx.net — Cisco Umbrella Rank: 522
1 KB
8 ay.delivery
vrl9rgsahh7mx6ndn.ay.delivery — Cisco Umbrella Rank: 189402
313 KB
7 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 567
4 KB
7 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 353
2 KB
7 contextweb.com
bid.contextweb.com — Cisco Umbrella Rank: 3177
bh.contextweb.com — Cisco Umbrella Rank: 547
4 KB
7 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 306
config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 598
aax.amazon-adsystem.com — Cisco Umbrella Rank: 394
s.amazon-adsystem.com — Cisco Umbrella Rank: 310
71 KB
6 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 327
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 492
1 KB
6 brainlyads.com
report2.hb.brainlyads.com — Cisco Umbrella Rank: 4730
4 KB
6 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 683
ce.lijit.com — Cisco Umbrella Rank: 882
613 B
5 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 592
2 KB
5 adform.net
c1.adform.net — Cisco Umbrella Rank: 599
3 KB
5 connectad.io
cdn.connectad.io — Cisco Umbrella Rank: 5186
sync-eu.connectad.io — Cisco Umbrella Rank: 4363
2 KB
5 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 689
3 KB
5 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 572
eb2.3lift.com — Cisco Umbrella Rank: 417
2 KB
5 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 751
848 B
5 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1987
sync.go.sonobi.com — Cisco Umbrella Rank: 931
3 KB
5 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 746
696 B
5 unrulymedia.com
targeting.unrulymedia.com — Cisco Umbrella Rank: 792
sync.targeting.unrulymedia.com
1 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1359
112 KB
5 outbrain.com
amplify.outbrain.com — Cisco Umbrella Rank: 3022
tr.outbrain.com — Cisco Umbrella Rank: 2814
wave.outbrain.com — Cisco Umbrella Rank: 3006
9 KB
4 media.net
prebid.media.net — Cisco Umbrella Rank: 1335
contextual.media.net — Cisco Umbrella Rank: 691
hbx.media.net — Cisco Umbrella Rank: 1337
11 KB
4 assertcom.de
api.assertcom.de — Cisco Umbrella Rank: 10702
1 KB
3 socdm.com
tg.socdm.com
2 KB
3 zemanta.com
b1sync.zemanta.com
927 B
3 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 1055
76 B
3 ipredictive.com
sync.ipredictive.com
1 KB
3 admedo.com
pool.admedo.com
793 B
3 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 2437
871 B
3 turn.com
ad.turn.com
1 KB
3 dotomi.com
prebid-match.dotomi.com — Cisco Umbrella Rank: 2253
3 4dex.io
script.4dex.io — Cisco Umbrella Rank: 1523
mp.4dex.io — Cisco Umbrella Rank: 2070
27 KB
3 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 440
2 KB
3 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 454
dis.criteo.com
739 B
3 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2462
308 B
3 vidazoo.com
static.vidazoo.com — Cisco Umbrella Rank: 3115
63 KB
2 liadm.com
i.liadm.com
1 KB
2 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 1372
1 KB
2 gstatic.com
fonts.gstatic.com
173 KB
2 clean.gg
i.clean.gg — Cisco Umbrella Rank: 894
104 B
2 dblks.net
prebid.dblks.net — Cisco Umbrella Rank: 81590
dblksync.dblks.net
8 KB
2 colossusssp.com
colossusssp.com — Cisco Umbrella Rank: 1290
sync.colossusssp.com — Cisco Umbrella Rank: 1426
139 B
2 google.de
www.google.de — Cisco Umbrella Rank: 6862
563 B
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1481
104 KB
2 flashtalking.com
d9.flashtalking.com — Cisco Umbrella Rank: 1807
12 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
158 KB
1 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1608
349 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 940
285 B
1 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 674
2 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
4 KB
1 marphezis.com
brightcombid.marphezis.com — Cisco Umbrella Rank: 19722
229 B
1 yellowblue.io
hb.yellowblue.io — Cisco Umbrella Rank: 2448
434 B
1 teads.tv
a.teads.tv — Cisco Umbrella Rank: 1462
382 B
1 qortex.ai
cpm.qortex.ai — Cisco Umbrella Rank: 22266
264 B
1 minutemedia-prebid.com
hb.minutemedia-prebid.com — Cisco Umbrella Rank: 3706
431 B
1 seedtag.com
s.seedtag.com — Cisco Umbrella Rank: 1735
8 KB
1 script.ac
cadmus.script.ac — Cisco Umbrella Rank: 1421
45 KB
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 928
277 B
1 crwdcntrl.net
id.crwdcntrl.net — Cisco Umbrella Rank: 2498
319 B
1 adgarden.market
adgarden.market — Cisco Umbrella Rank: 69361
8 KB
401 74
Domain Requested by
27 usersync.gumgum.com rtb.gumgum.com
22 s.0cf.io vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
rtb.gumgum.com
22 heroinvesting.com heroinvesting.com
16 pbs.nextmillmedia.com vrl9rgsahh7mx6ndn.ay.delivery
cookies.nextmillmedia.com
ssum-sec.casalemedia.com
13 btlr.sharethrough.com vrl9rgsahh7mx6ndn.ay.delivery
13 g2.gumgum.com vrl9rgsahh7mx6ndn.ay.delivery
13 ssc.33across.com vrl9rgsahh7mx6ndn.ay.delivery
13 prg.smartadserver.com vrl9rgsahh7mx6ndn.ay.delivery
13 fastlane.rubiconproject.com vrl9rgsahh7mx6ndn.ay.delivery
13 prebid.cootlogix.com vrl9rgsahh7mx6ndn.ay.delivery
12 exchange.kueezrtb.com vrl9rgsahh7mx6ndn.ay.delivery
10 eus.rubiconproject.com vrl9rgsahh7mx6ndn.ay.delivery
eus.rubiconproject.com
cookies.nextmillmedia.com
rtb.gumgum.com
9 ib.adnxs.com 6 redirects
8 cm.g.doubleclick.net 5 redirects rtb.gumgum.com
8 x.bidswitch.net 4 redirects rtb.gumgum.com
8 vrl9rgsahh7mx6ndn.ay.delivery heroinvesting.com
vrl9rgsahh7mx6ndn.ay.delivery
7 sync.1rx.io 7 redirects
7 match.adsrvr.org s.0cf.io
rtb.gumgum.com
ssum-sec.casalemedia.com
6 rtb.gumgum.com s.0cf.io
rtb.gumgum.com
6 bh.contextweb.com 5 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
6 report2.hb.brainlyads.com heroinvesting.com
5 token.rubiconproject.com eus.rubiconproject.com
5 creativecdn.com 5 redirects
5 c1.adform.net 5 redirects
5 sync.srv.stackadapt.com 5 redirects
5 cookies.nextmillmedia.com 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
cookies.nextmillmedia.com
5 ssc-cms.33across.com vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
cookies.nextmillmedia.com
5 ap.lijit.com 1 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
5 prebid.a-mo.net 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
5 onetag-sys.com vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
4 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
4 us-u.openx.net 4 redirects
4 secure.adnxs.com 4 redirects
4 secure-assets.rubiconproject.com 4 redirects
4 image8.pubmatic.com s.0cf.io
cookies.nextmillmedia.com
4 rtb.openx.net s.0cf.io
cookies.nextmillmedia.com
4 sync.go.sonobi.com s.0cf.io
4 eb2.3lift.com 3 redirects vrl9rgsahh7mx6ndn.ay.delivery
s.0cf.io
4 api.assertcom.de vrl9rgsahh7mx6ndn.ay.delivery
4 gtrack.kueezrtb.com heroinvesting.com
4 track.kueezrtb.com heroinvesting.com
4 cdn.heroinvesting.com heroinvesting.com
3 tg.socdm.com 3 redirects
3 ads.pubmatic.com rtb.gumgum.com
3 ssbsync.smartadserver.com 3 redirects
3 b1sync.zemanta.com 3 redirects
3 match.deepintent.com rtb.gumgum.com
3 sync.ipredictive.com 3 redirects
3 pr-bh.ybp.yahoo.com rtb.gumgum.com
3 pool.admedo.com 3 redirects
3 ssum-sec.casalemedia.com 1 redirects cookies.nextmillmedia.com
ssum-sec.casalemedia.com
3 match.sharethrough.com s.0cf.io
3 ads.servenobid.com s.0cf.io
3 ups.analytics.yahoo.com s.0cf.io
3 sync.targeting.unrulymedia.com 2 redirects s.0cf.io
3 ad.turn.com 3 redirects
3 ssum.casalemedia.com 3 redirects s.0cf.io
3 prebid-match.dotomi.com s.0cf.io
3 cdn.connectad.io s.0cf.io
3 prebid-server.rubiconproject.com s.0cf.io
3 fundingchoicesmessages.google.com vrl9rgsahh7mx6ndn.ay.delivery
3 id5-sync.com vrl9rgsahh7mx6ndn.ay.delivery
3 region1.google-analytics.com www.googletagmanager.com
3 c.amazon-adsystem.com heroinvesting.com
c.amazon-adsystem.com
3 tr.outbrain.com amplify.outbrain.com
3 static.vidazoo.com heroinvesting.com
static.vidazoo.com
2 i.liadm.com 2 redirects
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 sync-eu.connectad.io cdn.connectad.io
2 hbx.media.net 2 redirects s.0cf.io
2 sync.mathtag.com 2 redirects s.0cf.io
2 ssbsync-global.smartadserver.com 2 redirects s.0cf.io
2 fonts.gstatic.com heroinvesting.com
fonts.googleapis.com
2 i.clean.gg cadmus.script.ac
2 targeting.unrulymedia.com vrl9rgsahh7mx6ndn.ay.delivery
2 www.google.de heroinvesting.com
2 www.google.com heroinvesting.com
2 script.4dex.io vrl9rgsahh7mx6ndn.ay.delivery
script.4dex.io
2 cdn.confiant-integrations.net vrl9rgsahh7mx6ndn.ay.delivery
cdn.confiant-integrations.net
2 d9.flashtalking.com vrl9rgsahh7mx6ndn.ay.delivery
d9.flashtalking.com
2 gum.criteo.com vrl9rgsahh7mx6ndn.ay.delivery
2 googleads.g.doubleclick.net www.googletagmanager.com
vrl9rgsahh7mx6ndn.ay.delivery
2 securepubads.g.doubleclick.net heroinvesting.com
securepubads.g.doubleclick.net
2 www.googletagmanager.com heroinvesting.com
www.googletagmanager.com
2 static.kueezrtb.com heroinvesting.com
static.kueezrtb.com
1 dblksync.dblks.net s.0cf.io
1 image6.pubmatic.com ads.pubmatic.com
1 dsum.casalemedia.com ssum-sec.casalemedia.com
1 dmp.brand-display.com 1 redirects
1 dis.criteo.com ssum-sec.casalemedia.com
1 csync.loopme.me 1 redirects
1 js-sec.indexww.com vrl9rgsahh7mx6ndn.ay.delivery
1 ce.lijit.com vrl9rgsahh7mx6ndn.ay.delivery
1 sync.colossusssp.com vrl9rgsahh7mx6ndn.ay.delivery
1 sync.cootlogix.com vrl9rgsahh7mx6ndn.ay.delivery
1 contextual.media.net vrl9rgsahh7mx6ndn.ay.delivery
1 fonts.googleapis.com
1 brightcombid.marphezis.com vrl9rgsahh7mx6ndn.ay.delivery
1 bid.contextweb.com vrl9rgsahh7mx6ndn.ay.delivery
1 tlx.3lift.com vrl9rgsahh7mx6ndn.ay.delivery
1 mp.4dex.io vrl9rgsahh7mx6ndn.ay.delivery
1 prebid.media.net vrl9rgsahh7mx6ndn.ay.delivery
1 hb.yellowblue.io vrl9rgsahh7mx6ndn.ay.delivery
1 htlb.casalemedia.com vrl9rgsahh7mx6ndn.ay.delivery
1 a.teads.tv vrl9rgsahh7mx6ndn.ay.delivery
1 cpm.qortex.ai vrl9rgsahh7mx6ndn.ay.delivery
1 apex.go.sonobi.com vrl9rgsahh7mx6ndn.ay.delivery
1 prebid.dblks.net vrl9rgsahh7mx6ndn.ay.delivery
1 hb.minutemedia-prebid.com vrl9rgsahh7mx6ndn.ay.delivery
1 grid.bidswitch.net vrl9rgsahh7mx6ndn.ay.delivery
1 s.seedtag.com vrl9rgsahh7mx6ndn.ay.delivery
1 colossusssp.com vrl9rgsahh7mx6ndn.ay.delivery
1 cadmus.script.ac vrl9rgsahh7mx6ndn.ay.delivery
1 lb.eu-1-id5-sync.com vrl9rgsahh7mx6ndn.ay.delivery
1 aax.amazon-adsystem.com c.amazon-adsystem.com
1 id.crwdcntrl.net vrl9rgsahh7mx6ndn.ay.delivery
1 lexicon.33across.com vrl9rgsahh7mx6ndn.ay.delivery
1 config.aps.amazon-adsystem.com c.amazon-adsystem.com
1 u.kueezrtb.com static.kueezrtb.com
1 wave.outbrain.com amplify.outbrain.com
1 amplify.outbrain.com heroinvesting.com
1 adgarden.market heroinvesting.com
401 122

This site contains no links.

Subject Issuer Validity Valid
*.heroinvesting.com
Amazon RSA 2048 M02		 2023-02-15 -
2024-03-16		 a year crt.sh
*.adgarden.market
Amazon RSA 2048 M01		 2023-02-08 -
2024-03-08		 a year crt.sh
*.outbrain.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-09 -
2024-02-11		 a year crt.sh
heroinvesting.com
E1		 2023-10-27 -
2024-01-25		 3 months crt.sh
ay.delivery
GTS CA 1P5		 2023-10-28 -
2024-01-26		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
kueezrtb.com
GTS CA 1P5		 2023-10-18 -
2024-01-16		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-02-28 -
2024-02-17		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-26 -
2023-12-23		 3 months crt.sh
config.aps.amazon-adsystem.com
Amazon RSA 2048 M02		 2023-02-20 -
2024-03-20		 a year crt.sh
lexicon.33across.com
GTS CA 1D4		 2023-10-01 -
2023-12-30		 3 months crt.sh
tag.device9.com
Go Daddy Secure Certificate Authority - G2		 2023-07-19 -
2024-08-19		 a year crt.sh
*.id5-sync.com
R3		 2023-11-01 -
2024-01-30		 3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M02		 2023-10-08 -
2024-11-06		 a year crt.sh
confiant-integrations.net
GTS CA 1P5		 2023-11-19 -
2024-02-17		 3 months crt.sh
script.4dex.io
Cloudflare Inc ECC CA-3		 2023-10-23 -
2024-10-22		 a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-03-16 -
2024-03-08		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.eu-1-id5-sync.com
R3		 2023-11-01 -
2024-01-30		 3 months crt.sh
api.assertcom.de
R3		 2023-10-15 -
2024-01-13		 3 months crt.sh
script.ac
E1		 2023-10-31 -
2024-01-29		 3 months crt.sh
*.targeting.unrulymedia.com
Sectigo RSA Domain Validation Secure Server CA		 2023-05-10 -
2024-05-10		 a year crt.sh
*.cootlogix.com
Sectigo RSA Domain Validation Secure Server CA		 2023-10-19 -
2024-11-17		 a year crt.sh
*.colossusssp.com
Go Daddy Secure Certificate Authority - G2		 2023-09-08 -
2024-10-09		 a year crt.sh
*.seedtag.com
Sectigo RSA Domain Validation Secure Server CA		 2023-03-29 -
2024-04-15		 a year crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2023-03-23 -
2024-03-23		 a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-12-28 -
2024-01-28		 a year crt.sh
pbs.nextmillmedia.com
Amazon RSA 2048 M01		 2023-06-13 -
2024-07-12		 a year crt.sh
*.minutemedia-prebid.com
Amazon ECDSA 256 M01		 2023-04-18 -
2024-05-16		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-05 -
2024-04-03		 a year crt.sh
*.dblks.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-15 -
2024-08-14		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2022-12-06 -
2024-01-07		 a year crt.sh
qortex.ai
R3		 2023-11-14 -
2024-02-12		 3 months crt.sh
teads.tv
R3		 2023-11-03 -
2024-02-01		 3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-01-21 -
2024-01-23		 a year crt.sh
*.kueezrtb.com
Sectigo RSA Domain Validation Secure Server CA		 2023-08-17 -
2024-09-14		 a year crt.sh
ssc.33across.com
GTS CA 1D4		 2023-10-28 -
2024-01-26		 3 months crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com
Amazon RSA 2048 M01		 2023-07-17 -
2024-08-14		 a year crt.sh
casalemedia.com
Cloudflare Inc ECC CA-3		 2023-05-21 -
2024-05-20		 a year crt.sh
*.yellowblue.io
Amazon ECDSA 256 M02		 2023-04-19 -
2024-05-17		 a year crt.sh
*.a-mo.net
R3		 2023-11-07 -
2024-02-05		 3 months crt.sh
prebid.media.net
GTS CA 1D4		 2023-10-28 -
2024-01-26		 3 months crt.sh
*.3lift.com
Amazon RSA 2048 M02		 2023-04-13 -
2024-05-11		 a year crt.sh
*.sharethrough.com
Amazon RSA 2048 M01		 2023-06-14 -
2024-07-12		 a year crt.sh
*.contextweb.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-10 -
2024-05-09		 a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2023-05-06 -
2024-05-04		 a year crt.sh
*.marphezis.com
Sectigo RSA Domain Validation Secure Server CA		 2023-01-03 -
2024-01-03		 a year crt.sh
report2.hb.brainlyads.com
R3		 2023-10-22 -
2024-01-20		 3 months crt.sh
i.clean.gg
GTS CA 1D4		 2023-11-14 -
2024-02-12		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA		 2023-09-06 -
2024-09-30		 a year crt.sh
cookies.nextmillmedia.com
Amazon RSA 2048 M02		 2023-06-13 -
2024-07-11		 a year crt.sh
*.media.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-02-10 -
2024-02-18		 a year crt.sh
indexww.com
Cloudflare Inc ECC CA-3		 2023-09-05 -
2024-09-03		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
connectad.io
Cloudflare Inc ECC CA-3		 2023-03-16 -
2024-03-15		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2023-08-15 -
2024-09-15		 a year crt.sh
*.openx.net
RapidSSL TLS RSA CA G1		 2023-08-18 -
2024-08-18		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-03 -
2024-01-24		 6 months crt.sh
ads.servenobid.com
Amazon RSA 2048 M01		 2023-04-29 -
2024-05-27		 a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1		 2023-04-20 -
2024-05-20		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-08-29 -
2024-02-21		 6 months crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-11-30 -
2024-01-01		 a year crt.sh
*.ad-server.k8s.ie.ggops.com
Amazon RSA 2048 M02		 2023-02-08 -
2024-02-15		 a year crt.sh
dblks.net
GTS CA 1P5		 2023-10-21 -
2024-01-19		 3 months crt.sh

This page contains 108 frames:

Primary Page: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Frame ID: 99BD9C8E4F76E281C339D7388651EB6B
Requests: 228 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dUOeOqXmSr7AmkrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined&gpp=&gpp_sid=
Frame ID: 384E7FB8DAA7CC2BBB37B7A6086DED0F
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Frame ID: 0CADD23234FFA1FD1BEF371C30B2C366
Requests: 5 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: 6A50C513EF6181F613E9B8AB5D446B6C
Requests: 1 HTTP requests in this frame

Frame: https://cookies.nextmillmedia.com/sync?type=iframe
Frame ID: 8CF6D73EE9072BCC0CE091AE4673AC62
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch
Frame ID: E299916138F0ED04435A97F86027397F
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1700668057752
Frame ID: 2B69A9E5FE9A235F9B2344CBF466670A
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUK6VG18&prvid=2012%2C2034%2C2033%2C2055%2C2031%2C2030%2C3020%2C251%2C175%2C450%2C2009%2C178%2C233%2C2028%2C3018%2C2027%2C3017%2C214%2C236%2C237%2C117%2C459%2C70%2C97%2C55%2C99%2C77%2C38%2C2022%2C3012%2C3010%2C141%2C262%2C461%2C222%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C9%2C508&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: FB2794B4524D42A9B93D289534171CF9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 46F969FEC9B1B6CF8DDB2F1AAE225D1A
Requests: 3 HTTP requests in this frame

Frame: https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 42477F80F3C30A035A02713BF5C7E4DA
Requests: 1 HTTP requests in this frame

Frame: https://sync.colossusssp.com/iframe?pbjs=1&coppa=0
Frame ID: B7D0D90408ECABB9025955095F9227BC
Requests: 1 HTTP requests in this frame

Frame: https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: C2255819E9A0B1A62913FD17402ED428
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/beacon?informer=13530234
Frame ID: 97EB23D6F6A4080A23380A719529219B
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 082764DF75F63002CC50DF15C4079EC2
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 25BFFF05A1C894031499D7FEB76404BD
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 597EC72D649D7F510AF42D29D9022BEB
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D10%26uid%3D
Frame ID: 6849B4E5F544FDEE69536CD952A918EE
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Frame ID: AE5C4AB58158A95955F9CD94DB85278F
Requests: 11 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: AE8B3A2BA43EBDC560831DBEEDD601DE
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: E5E356B5B5492D0A6328F3AD3EF61010
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D25%26uid%3D%24UID
Frame ID: BEB370E7B2FA9CF4D8E8DD333DEB7F98
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D26%26uid%3D%5BUID%5D
Frame ID: C545B05A4DB1843F0F58AD309C6ED493
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: BBA6877601555E00A995AEEAF792B0B8
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=113b5a615e60f43777%26uid%3D
Frame ID: 2EF08E87819A3FB6CDC0DFD04D51A2F4
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 876B40EE42020EB3C942930A5781385A
Requests: 5 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: BB8B31157D11CBA18E3AF5759A8A8EEB
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D1%26uid%3D33XUSERID33X
Frame ID: EC72CFFB71B27F2BE3096934B531D1FE
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: 18D7B6A4F31391848F64CE28CBBA9349
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 2E18ADC061884BFE339687C986145AF2
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: 13651C3B12561F990DDFC3D023B0252C
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: DBD85E8EF7E64C1E2C50511A85440CA7
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=113b5a615e60f437
Frame ID: C4916B78CF1CE79B75F9A4786E9B5F7E
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 0FFFF1D801A84116D10F034798DFEA93
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 3F2CCC95375939AB4732591D5C6B1A4D
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=3889965644092935638
Frame ID: C46986D91051B29DC444FF3150A16134
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D33XUSERID33X&id=zzz000000000002zzz
Frame ID: D6F29535ED533FCB992790240A450890
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dopenx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Frame ID: 2039A0868EC0CD267EAE05AE4985C7ED
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Frame ID: 1E951024862FD48A08B59D40B96DD23C
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Frame ID: C994372F283AE2E1C5E1A60EA9E2E5F9
Requests: 3 HTTP requests in this frame

Frame: https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Frame ID: 8FD20D8E2D37565A9BBC6986AF419B8C
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%23PMUID
Frame ID: 5F701E6B5365BD6A31B0D3CC0C28AC20
Requests: 1 HTTP requests in this frame

Frame: https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=95e023af-01b6-40f5-95b4-d8d9ede38cd2
Frame ID: F6EECEC4EAB5EE25C6E06A7864EA75F6
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Frame ID: 4CD0B06A77F041136F54BDCDE33D98BC
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iNDgzYjIxOS0zZTAwLTRjZTEtOTVkNS0wMzU4MDg2NWE0ZDE=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 1877F47EEF177D026115A4BF7D1409E0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: 61C6388FCC2DE3C33219A4A1F8840F92
Requests: 2 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: 499132F100584C83C96510114ED71281
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7l0AAAAA
Frame ID: 811BFF2D57965874647C6322C6CA948E
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum&tc=1
Frame ID: 7036225727E6254AD685F2B43D902BE0
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: F362F0580FA279F71542544F456D3FCE
Requests: 3 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 71DBD1C13536A0935F3C8B6FE055F6AF
Requests: 1 HTTP requests in this frame

Frame: https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 13D1426962C42005973B8C40782DDAAD
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: F8D8130D14ABBB6AFB10965C81A1A53B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 6D0DBF22650CFF7C4A15B95F6F5AA1D2
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D10%26uid%3D
Frame ID: E1DBF873A0DF1654D731253CD7DC78F6
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Frame ID: 5372591EF0B497F5D393D16779588B10
Requests: 11 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 0E15DDEC3E4AA1227C380FF2C0B5B2F6
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: 81551BC857C01D1A988FFCAB0D8368E7
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D25%26uid%3D%24UID
Frame ID: 394A9321EBBF25D2DC8609D317ED78EE
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D26%26uid%3D%5BUID%5D
Frame ID: 52A4F289E389D43BB95A7CF1802CFA4B
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: C25D3C1B72AB489AC7C038FA58DD7216
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=113b5a615e60f43777%26uid%3D
Frame ID: F96DC8439CF901881D828978E660A524
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 896BD377C25CDFB60CAAA36C1B9ABD0A
Requests: 5 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: 0F6EEF45DE4DC58B99619AB9D13A1F29
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D1%26uid%3D33XUSERID33X
Frame ID: 1B8740C485A98EF206388D91384CD4FF
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: 323D8E83821E1EC26895AA7A74F94E75
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: C130597D17E6642187AE2EF588DB1D3B
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: E6258258A112712A0CB7D427FEAC668D
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 3E6C4606CE47A01761903442F077EA7E
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=113b5a615e60f437
Frame ID: 7DC436D03B0463BC6B64B40AB69DD938
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 0673C35EC633C7DEE38E8719EC4E7346
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 6A5833CC823F1FD786D40F4BB56B812C
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Frame ID: F81A2FDF8A72591BF14108C03990388C
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iNDgzYjIxOS0zZTAwLTRjZTEtOTVkNS0wMzU4MDg2NWE0ZDE=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 85CE5BEC0A6E76B6D2314CB7E83D240A
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: 9A1A1B548929441974C41C43F0D07A1F
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: 7893561E9FBC3BC1262D276ED71D9DD5
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5sAAAOAZaUkAAAAA
Frame ID: 18D781A8964B05208F6BF63E803883CF
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
Frame ID: E5B2B7DF7EF02BE8F22559244DDD9269
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: B18391794E381A8EC0AB76EC701F647A
Requests: 3 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 4EA3E96DE981311B04D908B73D912F0B
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D76%26uid%3D%24UID
Frame ID: 0F77F88CF9B7132A46E68571CCC8BD61
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 05DE933A74FD40874E46B6EE0A869518
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D10%26uid%3D
Frame ID: D18F58EB9097400A53846D79B6E907A7
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Frame ID: C5655445E6A7C7013E4D21B3645FEAA4
Requests: 11 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D74%26uid%3D
Frame ID: 61ADB1703BAF32122D457428B211219C
Requests: 1 HTTP requests in this frame

Frame: https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D19%26uid%3D%24%7BUID%7D
Frame ID: 1AB1806BD664B35BB2215164D01A8D92
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D25%26uid%3D%24UID
Frame ID: 76E8CA5301E59F8169185CBD5E12E628
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D26%26uid%3D%5BUID%5D
Frame ID: 9447BD68B17C14305F30B8E9B23408A7
Requests: 1 HTTP requests in this frame

Frame: https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003
Frame ID: 67B755F04558180080E0AB0320626C28
Requests: 1 HTTP requests in this frame

Frame: https://ups.analytics.yahoo.com/ups/58448/occ?uid=113b5a615e60f43777%26uid%3D
Frame ID: E1838C148B437E9DB8BE86F90B81C9CD
Requests: 1 HTTP requests in this frame

Frame: https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D81%26uid%3D
Frame ID: 2314A5D58CFD4F03372E10F870AAC0D3
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Frame ID: A8F760FC8B9D267BCB05C577818CBA53
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D1%26uid%3D33XUSERID33X
Frame ID: B7C63A061DD76A72FBD2F3CD45207FD3
Requests: 1 HTTP requests in this frame

Frame: https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Frame ID: 601C46AE21502BC140A149D3A1F85F3D
Requests: 1 HTTP requests in this frame

Frame: https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D21%26uid%3D%25%25VGUID%25%25
Frame ID: B606D8361A9CB4F0A28A1A4289F01A20
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Frame ID: 3BDC46973D7F9BB04DB2ED15B50CBC0B
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D82%26uid%3D%5Bssb_sync_pid%5D
Frame ID: D02E77098A2254F073CD466AEB79ABB0
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=113b5a615e60f437
Frame ID: A1A1FC13883978F0289E724C303853AD
Requests: 1 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D61%26uid%3D%5BMM_UUID%5D
Frame ID: 79AEF1C81E62B2348627E9866CDDBE7D
Requests: 1 HTTP requests in this frame

Frame: https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D88%26uid%3D%3Cvsid%3E
Frame ID: B4DA353CF0368C76C4743DCDF35226AB
Requests: 1 HTTP requests in this frame

Frame: https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Frame ID: 24E0712D20CE55F3BF948EBCAB5818AA
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Frame ID: 62C1CA28A1162E49DE08D96D20400CBD
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iNDgzYjIxOS0zZTAwLTRjZTEtOTVkNS0wMzU4MDg2NWE0ZDE=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: C970C85BF333A0EE09EAA9496DC8D661
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: 858D2F71533DC83E96A206226E3034F2
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Frame ID: 6CB2BDF1AB6F2BB768F539DB426CC0F1
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7p4AAAAA
Frame ID: BD5C27132349D38C0241C7714F151F6F
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
Frame ID: FD04956FDCAABD9629207D9D2D0A8325
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 9B677E37F3F5A8B5D6ACBE5162F9FA76
Requests: 3 HTTP requests in this frame

Frame: https://dblksync.dblks.net/dblksync/
Frame ID: D82757C27FED730311C7F7AC3473E47F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Big Brands Hidden Behind Costco Kirkland

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

401
Requests

89 %
HTTPS

25 %
IPv6

74
Domains

122
Subdomains

94
IPs

10
Countries

2784 kB
Transfer

7569 kB
Size

66
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 237
  • https://ap.lijit.com/beacon?informer=13530234 HTTP 301
  • https://ce.lijit.com/beacon?informer=13530234
Request Chain 241
  • https://sync.srv.stackadapt.com/sync?nid=286 HTTP 302
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=_A4x8fptXpVRj0abhccC4tly2hM
Request Chain 243
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fib.adnxs.com%2Fgetuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 244
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D76%26uid%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D76%26uid%3D%24UID HTTP 302
  • https://s.0cf.io/
Request Chain 250
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D74%26uid%3D HTTP 302
  • https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D74%26uid%3D&s=184932&C=1 HTTP 302
  • https://s.0cf.io/
Request Chain 254
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmphb?zcc=1&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3D%5BRX_UUID%5D&cb=1700668061711 HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=2403023580 HTTP 302
  • https://sync.1rx.io/usersync/turn/3767009703109338317?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3DRX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003 HTTP 302
  • https://s.0cf.io/
Request Chain 256
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D81%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 261
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D21%26uid%3D%25%25VGUID%25%25 HTTP 302
  • https://s.0cf.io/
Request Chain 263
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D82%26uid%3D%5Bssb_sync_pid%5D HTTP 302
  • https://s.0cf.io/
Request Chain 264
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=113b5a615e60f437&dbid=113b5a615e60f437 HTTP 302
  • https://s.0cf.io/ps/?dbid=113b5a615e60f437
Request Chain 265
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D61%26uid%3D%5BMM_UUID%5D HTTP 302
  • https://s.0cf.io/
Request Chain 266
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D88%26uid%3D%3Cvsid%3E HTTP 302
  • https://s.0cf.io/
Request Chain 267
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dappnexus%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fcookies.nextmillmedia.com%252Fsetuid%253Fbidder%253Dappnexus%2526nmuid%253D%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526uid%253D%2524UID HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=appnexus&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=3889965644092935638 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=3889965644092935638
Request Chain 270
  • https://ssum-sec.casalemedia.com/usermatch?s=194648&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Request Chain 271
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17888&endpoint=us-east&nmuid= HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Request Chain 272
  • https://prebid.a-mo.net/cchain/0?gdpr=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D HTTP 302
  • https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Request Chain 274
  • https://csync.loopme.me/?pubid=11364&gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dloopme%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%7Bviewer_token%7D HTTP 307
  • https://cookies.nextmillmedia.com/setuid?bidder=loopme&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=95e023af-01b6-40f5-95b4-d8d9ede38cd2&gdpr_consent=null&gdpr=null HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=95e023af-01b6-40f5-95b4-d8d9ede38cd2
Request Chain 275
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dapn%26i%3D%24UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=3183561628214952645
Request Chain 276
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=002c4419-38d0-4db0-b604-753b9e449661 HTTP 302
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=002c4419-38d0-4db0-b604-753b9e449661 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=550f529b-f592-4232-8dd2-aca67378bf2f&user_group=1&ssp=gumgum2&bsw_param=002c4419-38d0-4db0-b604-753b9e449661
Request Chain 277
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
Request Chain 278
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Request Chain 280
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=3c1e7e1e-d509-4f19-8bd6-0eda12b486f6
Request Chain 282
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 283
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=bnTgKkSqntyi&ev=1&pid=558355
Request Chain 284
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
Request Chain 285
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Request Chain 289
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7l0AAAAA
Request Chain 290
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum&tc=1
Request Chain 291
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 294
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZV4inQfoXk0y617BLTqixAAAFEwAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEKsGK5gU307OgSM-mxOTDOI&google_cver=1
Request Chain 295
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4inQfoXk0y617BLTqixAAAFEwAAAIB&gpp=&gpp_sid= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4inQfoXk0y617BLTqixAAAFEwAAAIB&gpp=&gpp_sid=&dcc=t
Request Chain 296
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZV4inQfoXk0y617BLTqixAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIHWP-NSJr277JgADmG90d8&google_cver=1
Request Chain 298
  • https://sync.srv.stackadapt.com/sync?nid=68 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=_A4x8fptXpVRj0abhccC4tly2hM
Request Chain 299
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4inQfoXk0y617BLTqixAAA%265196 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4inQfoXk0y617BLTqixAAA%265196
Request Chain 300
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZV4inQfoXk0y617BLTqixAAA%265196&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 303
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZV4inQfoXk0y617BLTqixAAA%265196&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=3ece3bcf175d474da61da8fbb1899614 HTTP 303
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Request Chain 301
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=939b6fc8-9345-5019-380f7288
Request Chain 302
  • https://cookies.nextmillmedia.com/setuid?bidder=ix&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=ZV4inQfoXk0y617BLTqixAAA%265196 HTTP 302
  • https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4inQfoXk0y617BLTqixAAA&5196
Request Chain 306
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 307
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D76%26uid%3D%24UID HTTP 302
  • https://s.0cf.io/
Request Chain 313
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D74%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 317
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=3958963466 HTTP 302
  • https://sync.1rx.io/usersync/turn/3694952109071410381?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3DRX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003 HTTP 302
  • https://s.0cf.io/
Request Chain 319
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D81%26uid%3D HTTP 302
  • https://s.0cf.io/
Request Chain 324
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D21%26uid%3D%25%25VGUID%25%25 HTTP 302
  • https://s.0cf.io/
Request Chain 326
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D82%26uid%3D%5Bssb_sync_pid%5D HTTP 302
  • https://s.0cf.io/
Request Chain 327
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=113b5a615e60f437&dbid=113b5a615e60f437 HTTP 302
  • https://s.0cf.io/ps/?dbid=113b5a615e60f437
Request Chain 328
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D61%26uid%3D%5BMM_UUID%5D HTTP 302
  • https://s.0cf.io/
Request Chain 329
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D88%26uid%3D%3Cvsid%3E HTTP 302
  • https://s.0cf.io/
Request Chain 331
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=3889965644092935638
Request Chain 332
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=8632191893802332344&ssp=gumgum2
Request Chain 333
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
Request Chain 334
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Request Chain 336
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=90c03a72-5f39-4b13-be55-0bc97af63175
Request Chain 338
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 339
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=apUIM5il8Vwd&ev=1&pid=558355
Request Chain 340
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
Request Chain 341
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Request Chain 345
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5sAAAOAZaUkAAAAA
Request Chain 346
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
Request Chain 347
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum
Request Chain 350
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 302
  • https://ib.adnxs.com/getuidj
Request Chain 361
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=5538215840 HTTP 302
  • https://sync.1rx.io/usersync/turn/3694952109071410381?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003
Request Chain 371
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=113b5a615e60f437&dbid=113b5a615e60f437 HTTP 302
  • https://s.0cf.io/ps/?dbid=113b5a615e60f437
Request Chain 374
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
  • https://usersync.gumgum.com/usersync?b=apn&i=3889965644092935638
Request Chain 375
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=002c4419-38d0-4db0-b604-753b9e449661 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=550f529b-f592-4232-8dd2-aca67378bf2f&user_group=1&ssp=gumgum2&bsw_param=002c4419-38d0-4db0-b604-753b9e449661
Request Chain 376
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
Request Chain 377
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Request Chain 379
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
  • https://usersync.gumgum.com/usersync?b=vnt&i=4eb16b75-6a79-4990-808d-c4f79376c656
Request Chain 381
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__ HTTP 302
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Request Chain 382
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
  • https://usersync.gumgum.com/usersync?b=pln&i=fpfDnCGJA9N5&ev=1&pid=558355
Request Chain 383
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0 HTTP 302
  • https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
Request Chain 385
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0 HTTP 302
  • https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Request Chain 389
  • https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7p4AAAAA
Request Chain 390
  • https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
  • https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
Request Chain 391
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=gumgum

401 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/ 		203 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
2d1ff3976b3b7aa422dbb426f453a7a2932a9b7ae033b0803910922f4bbb17ef

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
none
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 22 Nov 2023 15:47:36 GMT
etag
"32c37-wq86/fITZ2dBFskFceb28HxYWXs"
server
nginx/1.20.2
server-timing
total;dur=54;desc="Nuxt Server Time"
vary
Accept-Encoding
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
x-amz-cf-id
mTOw9k-_Es7jOPuutcHUbknIdAiLJ9jlxEr7eyQpq3dVHHg-vibWyw==
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
adgarden.js
adgarden.market/js/ 		7 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://adgarden.market/js/adgarden.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:3400:3:6d3c:dac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
56939e06ab2cb38895d26a98e53f13e4fa8507be612ac0d2537b7f1c68988087
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
strict-transport-security
max-age=15768000
via
1.1 0162e02b2d0212054988a68716227daa.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2023 17:19:53 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA56-P5
etag
W/"1dc4-65394e39.79a4fa5"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript
access-control-allow-origin
*
accept-ranges
bytes
content-length
7620
x-amz-cf-id
73K81OrpPD-Qnfkwm_pNeI_ox0KOtAxnnnlD1FwRKPMBfxRI9_g4Ww==
fe5ac4e.js
heroinvesting.com/_nuxt/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/fe5ac4e.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
12c2c5879869f4df381804a5ce8d962523039494efae426ee339bb18d136d331

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 05:05:48 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
470508
etag
W/"1019-18bda302e33"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
4ap--Ooj3zPJVy_BnffQNAH062nB72kmQPBHDfR5rDrN_fx8tZtcgw==
18f6c11.js
heroinvesting.com/_nuxt/ 		191 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/18f6c11.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
a8f81ae29f4f064b09f32197200198492754cd553979c148f3955b9cb31f819f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"2fa61-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
sB8Ud3TSDVk6FaJ5rmJjE0Y5IA2veA5lWWHlYAgQjwPgYCguv6ZZDQ==
8484dd0.js
heroinvesting.com/_nuxt/ 		401 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/8484dd0.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
5a99612d9b5cb97ad873c0c0ad6bb9a28cdb71e035d4c817e974714e734c585d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"6439c-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
oXTbfX6imK7E79qpX1wrO-Qxkne2EJfsyFdgkW9ywRVTM38WM8jrIw==
f132adf.js
heroinvesting.com/_nuxt/ 		123 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f132adf.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0ffcdfacfa747ec1af447e1e5602e8be7d8d168c1b065845e77a67ffba77b594

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"1eaf0-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
q1AzYBVtkrf8C-nAAslQwnInaV7PyBxM833_QMlLYIHl8pUyq_vanQ==
f7c01dd.js
heroinvesting.com/_nuxt/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f7c01dd.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
5a6922d6039706cf85aa18ce219860d4a1146ec59157edf6f4e06fed8cac88c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"149d-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
SURU4BcVOH9u_qbDUf_u7faF0_QmvFEjvP6BCz3b4bUmbVXMRwQDuQ==
ef5d8ca.js
heroinvesting.com/_nuxt/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/ef5d8ca.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
02b6a4cea9e3cb9cae8bc6e8823137f630bc4bba3034e991aad496a143f9607e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:58 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"97a-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
dvNk-88RmzJqRx1DT1kxLOMFxDDQ1aKRLzC4uBIvE5F09YZrDHhEKw==
2c54a23.js
heroinvesting.com/_nuxt/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/2c54a23.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
b74c57956156cfdb6ea1f2b5442d62bfd3d771a122de72133859f318f4b2d6c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"1397-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
5feGPipPbqw_9nezYtjUQlKSjimRJTO5XmJuObErNM9k9gJE6wBrAA==
6263ac0.js
heroinvesting.com/_nuxt/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/6263ac0.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
ebe674facbc5b1f5e8060915b29d1ddccfecfbbc5fa6ae9098da9a4231377e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:58 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"397d-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
dJOKIN_v-9Foz8CIgpJpkJ0S1Tj2Ac23c32XhDp0BNHbqPx1WlZ4qA==
06c426e.js
heroinvesting.com/_nuxt/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/06c426e.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
e6a1fae9b9c1045cde15a1cd74704fb037ddc78c4f375ebbc5f197a6db64678b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"6fa-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
1e3GLXMsJ9OffDzqCmO-JFaoAq4AFo0y7Uc6rDPTr6A1P4v3MMInng==
75a7d47.js
heroinvesting.com/_nuxt/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/75a7d47.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
83e4fecbbe3938653edd82602b3e3a0bd98509c5f8e50a8cd82b393695a1b9bb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"fa4-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
je35p8qc9n35Z6jOLHg3NSkOAboGrWikuXc3Pult3ln-hmuGXWTiOQ==
d590592.js
heroinvesting.com/_nuxt/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/d590592.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
77177ed004787a92ed9c83e7abd219b55425dff8d70d1e93a261f2ea7c01efdb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"bb1-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
If8WDmh76TidGw0gIA8ncyxfJRAA7p54pppeEoG7cfIOwzfsFauEhA==
obtp.js
amplify.outbrain.com/cp/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.32.185.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-185-60.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
011461c1c6f5df3ae6c896f8337fd8313df8e1cc3138edd02f35616758d0e875

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:36 GMT
Content-Encoding
gzip
Last-Modified
Wed, 01 Nov 2023 12:14:17 GMT
Server
AkamaiNetStorage
ETag
"66c44dc573436975fc0e331ffa027e25:1698844090.885364"
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-RG
EU
Cache-Control
max-age=1200
X-CC
DE
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7738
Expires
Wed, 22 Nov 2023 16:07:36 GMT
f9718382f4ac8b8ecab5d3b19d3da446.svg
heroinvesting.com/_nuxt/ 		13 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f9718382f4ac8b8ecab5d3b19d3da446.svg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
a9b5d62445d48f75234b683670ffd3f95f5c7240decae3146a38f0d19abd76dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:04:54 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 18:50:11 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
592962
etag
W/"355c-18bd451c7a1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
O3GDF-e0Sx03kCc-3aEQfvv8mUK4szWRfm-lbsuQP28BZNOpHHqAIg==
heroinvesting.61dbeee.png
heroinvesting.com/_nuxt/img/ 		23 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://heroinvesting.com/_nuxt/img/heroinvesting.61dbeee.png
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
288d1aff6b40d91889a5f0efc906a5316d3f732641f32462f2ec4dd854f55981

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 04:54:14 GMT
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
557602
etag
W/"5b89-18bd47e18a9"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
23433
x-amz-cf-id
m4gfxMqVNOhN2qyHNwRzGjPxTVyZbtUgjhjdBxrBbDSTKzBvgRfTcw==
Costco.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		109 KB
110 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Costco.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
43bf60671c41e18a46c4b12077ddf6e7982cd0700ce49bbc7158619a2a3e49b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
111784
last-modified
Tue, 12 Apr 2022 18:21:28 GMT
server
cloudflare
etag
W/"1b4a8-1801f025743"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u8ctOSPv3i2mT%2FeQAORo74fkeeZXowuNaOT5joxSd2DvwWGx5nHwEu8K4aRsGrmDytqQkmvPZSLSivKAtwIAA9AO27Ps0KB3Z3JkvoeE%2Fh04qiQTY8AtskT3k5EJaEd1B%2BsrtDyaBXZHQX3cEcLr7LwF8%2Fo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a24fd92f7a65c2-FRA
x-proxy-cache
MISS
vRL9rGsaHH7Mx6NDN
vrl9rgsahh7mx6ndn.ay.delivery/manager/ 		744 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager/vRL9rGsaHH7Mx6NDN
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c06cb54fd77979d1bfcde9cc23f061ea3e9a379ce3d5f6f6b69f18d1918e9a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"618080fa3647e52d79c7df21"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EenM55%2BV%2Fb8mYnq2aV8rub4PRx3ce9b3UvxgYCZo9yq80Gsxfq%2BWU%2BHVN8QXHfAOWA%2BZLtbCAzAIUH912F1%2BxSxWwMnAkqgTrP%2BsDAauw9M5sjOSYcXmtTYTqcSfRw4Jp%2FFRp1LGk%2FjatmqKpGkoTuushipp%2FmSn8xZZ4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=900, stale-while-revalidate=3600
cf-ray
82a24fd91ff718db-FRA
link
<https://securepubads.g.doubleclick.net/tag/js/gpt.js>; rel=preload; as=script, <https://vRL9rGsaHH7Mx6NDN.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod>; rel=preload; as=script, <https://c.amazon-adsystem.com/aax2/apstag.js>; rel=preload; as=script, <https://vRL9rGsaHH7Mx6NDN.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD>; rel=preload; as=script
alt-svc
h3=":443"; ma=86400
vwpt.js
static.vidazoo.com/basev/ 		229 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/vwpt.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:751 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e605414c5d690913c053ec344fd3fd58b19ecd5f111fb05e4e912bc52a77fa66

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
FYK9C5AE9F0Z392J
age
36502
x-amz-server-side-encryption
AES256
content-length
56429
x-amz-id-2
067WgrQU5db2illwymlJ7atxaQdMorRuXVWUX5PuqsRWQJ0E9Gx93En/SztSVSlVQittdORRyDw=
last-modified
Tue, 07 Nov 2023 11:26:12 GMT
server
cloudflare
etag
"576a1e0bb56226dbd3a2a239a03e01ae"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a24fd919fc37d4-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 15:47:36 GMT
latest.js
static.kueezrtb.com/ 		439 B
757 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.kueezrtb.com/latest.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0fbee40d848d6df79b375ca87bdb53f4e97bfb3c6dc2a1d03cb8fd74a395eca4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
8YBRQDTQ5QYWYZQE
age
271125
x-amz-id-2
aWr2MzoOdiuwr9bq81+8ti0EuO9Jwz3Xsfs3UpWTA6WLcU1guJgtCfgvSad1fXpqeNJrqLFjDIs=
last-modified
Sun, 08 Oct 2023 15:41:30 GMT
server
cloudflare
etag
W/"f89c5fc5dc377ecc028df3e7a69bce1d"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-access-control-allow-origin, x-amz-meta-access-control-allow-methods
cache-control
max-age=31536000
cf-ray
82a24fd90fd72c29-FRA
roboto-v29-latin-700.woff2
heroinvesting.com/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/fonts/roboto-v29-latin-700.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Request headers

Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 03:07:01 GMT
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Thu, 17 Mar 2022 00:04:00 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
45635
etag
W/"3dd4-17f95303b8f"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
content-length
15828
x-amz-cf-id
O_V17XUZ9axggmNJiniQ_1Z5n_6h7wY6BwWHzZGgSgR0KtUs8moAfA==
roboto-v29-latin-regular.woff2
heroinvesting.com/fonts/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/fonts/roboto-v29-latin-regular.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Request headers

Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 03:07:01 GMT
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Thu, 17 Mar 2022 00:04:00 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
45635
etag
W/"3d48-17f95303b93"
x-cache
Hit from cloudfront
content-type
font/woff2
cache-control
public, max-age=86400
accept-ranges
bytes
content-length
15688
x-amz-cf-id
Y3Wjek_CX_zmH5U2XgVpVfmzDoPBnqRtHulvFJzttgUxqNNdp_xJaQ==
Kirkland-Signature-Coffee-and-Starbucks-1.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		147 KB
148 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Kirkland-Signature-Coffee-and-Starbucks-1.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
be21c68151947530567dcb15dcf4aa169621e4ec3d2a9ef8c71ba3590e5e35cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
150880
last-modified
Wed, 20 Apr 2022 22:44:04 GMT
server
cloudflare
etag
W/"24d60-18049259fb8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lGPU6rfcbUqdran09QDgSChb%2BJecuUkfSJ2msigV0R5G8iObKDCRwlUFPNus3rGekg2peuidrgSivVEme0oQsQqgURlNqL5TlEsvc4xOC8SV18CENj5RQN0b1x0fWgkM5WUUcMj%2FNzMG6pEJVgoeis6hR08%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a24fd92f7d65c2-FRA
x-proxy-cache
MISS
Kirkland-Signature-Organic-Creamy-Peanut-Butter-and-Jif.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		153 KB
154 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Kirkland-Signature-Organic-Creamy-Peanut-Butter-and-Jif.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b698f4535cf67b7d888113bc09693d430652d57e20d67a4a31f5c8e5e3c24330

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
156833
last-modified
Tue, 12 Apr 2022 23:09:18 GMT
server
cloudflare
etag
W/"264a1-1802009db68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PeBlNcaP2Af%2B3ZSmil6ihVGehJPrew9lQ9BgyyviTrL4XSDG1MWSUPtPNWJbjWcM2hDQIjo0qml9Pv5nosqeeEhQnsyrxPHBBPjlxcm0n%2BBvEjMQGBtIw5i2m%2FZxyoqYnKNrVr8g8jwcnaHAA6IBTMlkEF4%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a24fd92f7e65c2-FRA
x-proxy-cache
MISS
f6a658f.js
heroinvesting.com/_nuxt/ 		17 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/f6a658f.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
f54aed9527ac229c6a5b15e49f73aa17cdf8224171095ef9c65ccd10ecd5af49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589657
etag
W/"445e-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
ajp25rmqzKOULZEoXJNGlZcXhgnTpaIDXmjbYy96qiEVxrGE2bMALg==
latest.js
static.kueezrtb.com/js/ 		203 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.kueezrtb.com/js/latest.js?_=1700668056515
Requested by
Host: static.kueezrtb.com
URL: https://static.kueezrtb.com/latest.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2414badced0e65e0d68b7fbe36506f936f39d76ac7506e9a3fc3480a7ce652a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 09 Nov 2023 16:06:41 GMT
server
cloudflare
x-amz-request-id
QDJ07WZ0HNP1RN82
age
271147
etag
W/"42940e383bd2f06e3d801c6872fec418"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-access-control-allow-origin, x-amz-meta-access-control-allow-methods
cf-ray
82a24fd948362c29-FRA
x-amz-id-2
EklOsRKxRrbkbsp1a1DQz+ZX7qU14fGE54yRF1goc+LQu+OiBotIEuvJ4LRHU75br3/Rxg034ZM=
unifiedPixel
tr.outbrain.com/ 		53 B
248 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.outbrain.com/unifiedPixel?optOut=false&bust=07486362884681794&referrer=&marketerId=00a660d3b681963628076d3f1e67fce8b6&name=PAGE_VIEW&dl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&g=0&obApiVersion=1.1&obtpVersion=2.0.5&ob_click_id=v4-4EyY2w7-1079981226
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.225.223.63 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS
sa.outbrain.com
Software
/
Resource Hash
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:37 GMT
Cache-Control
no-cache
content-encoding
br
X-TraceId
96e260aca5d7a34e147d048fd299aa06
Content-Length
54
Content-Type
image/gif;
00a660d3b681963628076d3f1e67fce8b6
wave.outbrain.com/mtWavesBundler/handler/ 		2 B
443 B 		Script
General
Check archive.org
Download Go to
Full URL
https://wave.outbrain.com/mtWavesBundler/handler/00a660d3b681963628076d3f1e67fce8b6
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.32.185.60 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-185-60.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:36 GMT
Content-Encoding
gzip
ob-sent-time
1700649241539
ETag
W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
X-RG
EU
Cache-Control
max-age=60
X-CC
DE
Connection
keep-alive
X-TraceId
65b17ac6af7d6f4a679ec82f48c182c2
Content-Length
22
Expires
Wed, 22 Nov 2023 15:48:36 GMT
cmp.js
static.vidazoo.com/basev/cmp/1.0.1/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/cmp/1.0.1/cmp.js
Requested by
Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vwpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:751 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b70b5ab26a51f7829a43fa74bbb2abc2fab541d5842d7c481274f9aaa239a53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
THJ8PTYHWNR62A0S
age
37298
x-amz-server-side-encryption
AES256
content-length
1392
x-amz-id-2
/bCLEw/0kRRPQPdG4ohjpi77LgtNI7GMeVKACN7safN2h0QZjIhXIq5liCAeT70yL1BkmtvzJ1E=
last-modified
Tue, 26 Sep 2023 11:15:59 GMT
server
cloudflare
etag
"ae30727db9cee5c3bcee5965142f5f72"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a24fd98aa837d4-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 15:47:36 GMT
tcf.js
static.vidazoo.com/basev/tcf/1.0.2/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.vidazoo.com/basev/tcf/1.0.2/tcf.js
Requested by
Host: static.vidazoo.com
URL: https://static.vidazoo.com/basev/vwpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:751 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e602d10aeab60c205781599d1dd4e46d615c1938e62f66d5752fb08ad800fa2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
gzip
cf-cache-status
HIT
x-amz-request-id
X9DEPEY3ZD7WC8CF
age
25738
x-amz-server-side-encryption
AES256
content-length
5069
x-amz-id-2
XVKZIQDeAoA9/5VercFEUpxFK7X0eJyOX6QD95DNYGtnG/73VBxEiNDDnbMv3WpwWChWrVGpgXBol3Lr0tBHmSyK98yB+fb/dPwjL+PzeEA=
last-modified
Thu, 27 Jul 2023 14:01:24 GMT
server
cloudflare
etag
"ccd7d1f71f0b08742cb487f337f006fb"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
82a24fd98aac37d4-FRA
access-control-allow-headers
Origin, Accept ,DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Length, Accept-Language, Accept-Encoding, Referer, Range
expires
Thu, 23 Nov 2023 15:47:36 GMT
js
www.googletagmanager.com/gtag/ 		243 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/8484dd0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2754346d72795e3e3c53b6743cb9302b6787a4b30c170cfa79353988658ebec9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
85941
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:47:36 GMT
unifiedPixel
tr.outbrain.com/ 		53 B
248 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.outbrain.com/unifiedPixel?optOut=false&bust=0026862154450629117&referrer=&marketerId=00a660d3b681963628076d3f1e67fce8b6&name=PAGE_VIEW&dl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&g=0&obApiVersion=1.1&obtpVersion=2.0.5&ob_click_id=v4-4EyY2w7-1079981226
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.225.223.63 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS
sa.outbrain.com
Software
/
Resource Hash
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:37 GMT
Cache-Control
no-cache
content-encoding
br
X-TraceId
ddd77b0eb710ef47d20ac70335d8f0bb
Content-Length
54
Content-Type
image/gif;
040379a.js
heroinvesting.com/_nuxt/ 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/040379a.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
650c82476c4211d9c7dcab13c023c507bdb5f3e2364d3a4446d67dc5c5566918

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 05:37:58 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Thu, 16 Nov 2023 22:11:12 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
468578
etag
W/"5bbc-18bda302e2f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
DMXzS9GjxUi6PwxkMbKZYcOO_OHML8JjfvDOWIFfTiEt95lyCrbnQA==
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		101 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
98d25c42082346c201348402510cd536a6a64d7c151a952b067e9ba825fed471
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31647
x-xss-protection
0
server
cafe
etag
92 / 19683 / m202311090101 / config-hash: 16204867678510254442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 22 Nov 2023 15:47:36 GMT
yield-manager-script-v2.2.8-prod
vrl9rgsahh7mx6ndn.ay.delivery/manager-script/ 		99 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0e50db0d6679dac85be85bf1cc2c0d12725b403a32d8d33f0bc45c676be8978

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrDZV%2FVSXoV%2BsQP9yOOQlhbHvFVGkzjJI0OrQNC1jkRkabkGBmOYkQCsZRPQsk2mAuFx9%2FVx2oVjYgaLK3AcafVEU088zQmozkReMoQ%2BADDIMWMSDNXREeghJwkWi14bAb02gyeJYdc5XMmLulqNN1uiufLujaJUM%2FOqCA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a24fda59ea18db-FRA
alt-svc
h3=":443"; ma=86400
apstag.js
c.amazon-adsystem.com/aax2/ 		267 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-1-25.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:43:51 GMT
content-encoding
gzip
via
1.1 857b0dca772798c338c78a1be69c955c.cloudfront.net (CloudFront), 1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
last-modified
Mon, 13 Nov 2023 20:18:45 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1, FRA56-P6
age
226
x-amz-server-side-encryption
AES256
etag
W/"2d08dd94de483579c1dc3f3783c06f6e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
RCkhS5_2-8FL2SkrDqfbVr3I9s_GQlg-4D7lLEwvbIgjKTYVXI88kQ==
vRL9rGsaHH7Mx6NDN.deploy
vrl9rgsahh7mx6ndn.ay.delivery/manager-script/ 		565 KB
169 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b952ae1a582910bbfd4efa3b03c3dd91b903fc474d62dbbda8db0729f34ea02c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8mqIz5J0xxCTirrzE2TfqLMBoMTX2vtn5QliWpBrS1vl9KjpcBQpAf6lgO38ZlF%2BJl9aTNc%2Bq%2B4prTOwDcL0DSqFxtu6dCbqC3vptf6gaRfjCiut4SUxVZ55x%2FaAIhk8F4HWWxVXdOAOsFuqCkpr%2FaI7AsihaSXhGM4gNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
82a24fda59f018db-FRA
alt-svc
h3=":443"; ma=86400
e42621d.js
heroinvesting.com/_nuxt/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/e42621d.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
842180c49522c1ce242d5d89bb09ea1e539e5ce7ac90d0969bc1ca4e495ab5f1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 20:00:00 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589656
etag
W/"84a-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
dMrIFDMY2OI-gX8xIiLL0aeGvR72GEUoEJsd46wf_jz2Eu9uZbpZ9g==
eb360d4.js
heroinvesting.com/_nuxt/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/eb360d4.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
05bf2ab251381493728b17ba51a3c902bd50938b723cadcbb035041f8fd684a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589656
etag
W/"c36-18bd47e18b5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
fNcLsi-TuTNWFZ543OAg5X5CbNFF3I-W_h_Y6iC6QNLdF48fzelT-Q==
14c5a00.js
heroinvesting.com/_nuxt/ 		766 B
810 B 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/14c5a00.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
0dbb50b756fea5b251ca8c20be90a5b8e08869bebdec3fdd1ff5da14bb6879f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:59:59 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589656
etag
W/"2fe-18bd47e18b1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
Uf5v5DwnEelrsghXb5Lrl9pCyu6t3dPuW2Rrm-JaudtdA2D8HnYAOA==
js
www.googletagmanager.com/gtag/ 		206 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10887832869&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8fdeab5f74264d802062ef7f6953d5b90aedc5f891d70b763808525ba530d341
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75314
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 Nov 2023 15:47:36 GMT
collect
region1.google-analytics.com/g/ 		0
246 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PNTYD12RWN&gtm=45je3b81v879042239&_p=1700668056573&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1357598203.1700668057&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=post-number&dp=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&dl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sid=1700668056&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=776
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:36 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Kirkland-Signature-Pistachios-and-Wonderful-almonds-and-pistachios.jpg
cdn.heroinvesting.com/content/images/2022/04/ 		174 KB
174 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.heroinvesting.com/content/images/2022/04/Kirkland-Signature-Pistachios-and-Wonderful-almonds-and-pistachios.jpg
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/f132adf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:9447 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
21a1d627f87cdf503961420c198b2bcc9993f88235210d85186824b823e96d0d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
x-proxy-https
true
alt-svc
h3=":443"; ma=86400
content-length
177699
last-modified
Tue, 12 Apr 2022 23:08:27 GMT
server
cloudflare
etag
W/"2b623-18020091477"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RSY75J4qYbVAB8uiE7Oqw8dvVc1HvvhQbQJgAQ2lWMgsRCj9yOrIyWmTneUFHKAq5MzRxmhuez7z%2BTpWlWoM4dv2RxzcLcmtJVhcpuesRhCvWeq8znGE48HTw3ISZrt%2FqEAT%2BGSjfuz4xxmjoQ%2Ft9fsi164%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
82a24fdb8a0365c2-FRA
x-proxy-cache
MISS
23331d4.js
heroinvesting.com/_nuxt/ 		1 KB
1015 B 		Script
General
Check archive.org
Download Go to
Full URL
https://heroinvesting.com/_nuxt/23331d4.js
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/_nuxt/fe5ac4e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:9e00:6:1c12:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
e0625a022bd3b199157833e0338f4eae7eb814ad18da77a4f315851c3e0d2e57

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 20:00:00 GMT
content-encoding
gzip
via
1.1 fa8c9f29fb8ef5c537a2a53f4de05240.cloudfront.net (CloudFront)
last-modified
Wed, 15 Nov 2023 19:38:35 GMT
server
nginx/1.20.2
x-amz-cf-pop
FRA60-P3
age
589656
etag
W/"47e-18bd47e18ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
sbRnD7YOEND2s_xv8NEiX459aw1p6Z_FMqIMfJ-f1pyix_LSf2QTPg==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-1-25.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding
gzip
via
1.1 149b1af6ad8d2c0fedea82bfb1c29c66.cloudfront.net (CloudFront)
date
Wed, 22 Nov 2023 08:49:47 GMT
x-amz-cf-pop
FRA56-P6
age
25070
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Tue, 29 Aug 2023 08:30:37 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
LllmNYjL2_WUtPA7G81zXxr_qma6bhAblgOCG5aE4Gl3mJ_6KLlgOQ==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/?random=1700668056972&cv=11&fst=1700668056972&bg=ffffff&guid=ON&async=1&gtm=45be3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&hn=www.googleadservices.com&frm=0&auid=177558417.1700668057&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10887832869&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2c35673b710da41c97f2f8307ca5d34fd107b636bf0b5f8a344c3288e2380fa9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1422
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/ 		429 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311090101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:38:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
18540
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137535
x-xss-protection
0
server
cafe
etag
18342593356503948095
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Thu, 21 Nov 2024 10:38:37 GMT
fpd
u.kueezrtb.com/ 		256 B
443 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://u.kueezrtb.com/fpd?_=1700668057048&yv=1e73753
Requested by
Host: static.kueezrtb.com
URL: https://static.kueezrtb.com/js/latest.js?_=1700668056515
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d30b762e6f1025d35f6a11b2924ebf1391c02df62cf6f36c55aa8471d77908d9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
cf-ray
82a24fdcabda2c29-FRA
content-length
233
dye
track.kueezrtb.com/ 		0
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=825ca84a383a5db1&sid=a453a83b8b4eb29&pvi=36a415fb610457a&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:init&_=1700668057047
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a24fdcabcc2c29-FRA
dye
gtrack.kueezrtb.com/ 		0
30 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=825ca84a383a5db1&sid=a453a83b8b4eb29&pvi=36a415fb610457a&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:init&_=1700668057047
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a24fdcabce2c29-FRA
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=825ca84a383a5db1&sid=a453a83b8b4eb29&pvi=36a415fb610457a&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:fpdr&_=1700668057048
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a24fdcabc92c29-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=825ca84a383a5db1&sid=a453a83b8b4eb29&pvi=36a415fb610457a&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:fpdr&_=1700668057048
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/entertainment/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a24fdcabcb2c29-FRA
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fheroinvesting.com%2F&domain=heroinvesting.com&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 22 Nov 2023 15:47:36 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
239941
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
d34c3868-1544-44a2-9899-167326b5d575
config.aps.amazon-adsystem.com/configs/ 		537 B
812 B 		Script
General
Check archive.org
Download Go to
Full URL
https://config.aps.amazon-adsystem.com/configs/d34c3868-1544-44a2-9899-167326b5d575
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-30.fra6.r.cloudfront.net
Software
CloudFront /
Resource Hash
7ab3ebae891a75d2dfbc5dd36107f16a0b9ba271694c40f5b55279b4d69c9d53

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:23:03 GMT
via
1.1 7ce1191b390045e05b9cc74f7514b77a.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA6-C1
age
1474
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
content-length
537
x-amz-cf-id
ROS6JzmG1lusb9FlYzITg_V4oiAjjyOyIrhXgMzFB0L2Cto8b-xJDQ==
config
c.amazon-adsystem.com/cdn/prod/ 		0
310 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fheroinvesting.com&pubid=d34c3868-1544-44a2-9899-167326b5d575
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-1-25.fra56.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 10:34:01 GMT
via
1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA56-P6
age
18816
x-cache
Hit from cloudfront
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-id
7W0Pr_WBe0stS_JLibAow4s1BlxsQc1sQGPiLw9Ovewb5m39A8UJSA==
envelope
lexicon.33across.com/v1/ 		49 B
251 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lexicon.33across.com/v1/envelope?pid=0015a00003Ek3OWAAZ&gdpr=0&src=pbjs&ver=8.20.0&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.193.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.193.244.35.bc.googleusercontent.com
Software
/
Resource Hash
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:36 GMT
via
1.1 google
vary
origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
private, must-revalidate, max-age=28800
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
json
gum.criteo.com/sid/ 		2 B
376 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fheroinvesting.com%2F&domain=heroinvesting.com&cw=1&lsw=1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:36 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
242165
expires
0
d9core
d9.flashtalking.com/ 		11 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/d9core
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.19.59 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.52 () OpenSSL/1.0.2k-fips /
Resource Hash
621956920794435749062962f24d6d450771b48b8cf76c518d8241143534c2cd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:36 GMT
Server
Apache/2.4.52 () OpenSSL/1.0.2k-fips
ETag
5bc31bf7d4a298e1bef9d35fce222bfc
Access-Control-Allow-Methods
GET,POST,SERVER
P3P
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Access-Control-Allow-Origin
d9.flashtalking.com
Content-Type
application/javascript;charset=utf-8
Cache-Control
private, must-revalidate, proxy-revalidate, max-age=172800
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
10814
prebid
id5-sync.com/api/config/ 		136 B
419 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.120 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203256.ip-141-95-33.eu
Software
/
Resource Hash
0c945aa0bb5ba5a939754f316628f652efd88279fdba1fda70102f12984e7c9f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
id
id.crwdcntrl.net/ 		43 B
319 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.48.81.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-48-81-28.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
x-server
10.45.31.157
access-control-allow-credentials
true
content-length
43
expires
0
config.js
cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/ 		89 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/config.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23af93c9b164275cac4f0854507fbd3cf31ae07b91538cad58d49ed8fabe443a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 22 Nov 2023 13:09:14 GMT
server
cloudflare
x-amz-request-id
KEYVRB7BDZ1GBTD9
etag
W/"d8bbb9b8f6f8af77aa1625ec018c7114"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a24fdd6ffbbbfd-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
oSV7KSjThgShf6Fc5x6N96tIQGEC/HGZu7hdGKIJG9n4tFriuA0Fwe3L/Z0gLpgfDk6AZlxFJjQ=
client-v2.js
vrl9rgsahh7mx6ndn.ay.delivery/ 		90 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68c17e743f229f07f1375bd906669e46147d13fd2c92be22317bd3d4e505b5e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 22 Nov 2023 15:47:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
14
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0OgA7IQOkXUDihiZxK8XKi0TdiWzmkVDd5kEo3kbqkbugtfY%2FBAyLXN6iun1ldtLGiFJO5gegeHIaJ1DVj4CkYOWSeVki2x%2BVuEnWx%2Bw7beIZvueXo1fjsHSE2Hhtk15z5ZyjZgj4NYknkwEFa7emriiWghNnTm4YDK9bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cf-ray
82a24fdcdf490418-FRA
alt-svc
h3=":443"; ma=86400
localstore.js
script.4dex.io/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8264bf30b0dfc41d19bf53d2c63a8fc9326b427cf3ea9cd9b6be2696fc55b118

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:37 GMT
Content-Encoding
br
CF-Cache-Status
HIT
Last-Modified
Mon, 06 Nov 2023 14:13:09 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
Age
896648
ETag
W/"e90435520cec1363a82b67d8298d79a8"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4GW7sNS%2Btz%2BL2351e%2FF4%2F6k2XGQGyiQL3D0iy0mcth1%2FfmSIA1YWhvrPFGSnFxyWZNfdoI6Eskpe4FTc%2F%2F2GGVcIbo7U6R1%2Fq%2BFBpMfiJ9LxHFdGP090jK0TAd894wvAndy%2F7gkH8CiG1SY"}],"group":"cf-nel","max_age":604800}
Cache-Control
public, max-age=1800
Connection
keep-alive
CF-RAY
82a24fddafb037e6-FRA
bid
aax.amazon-adsystem.com/e/dtb/ 		23 B
465 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&pid=oB6DwxxElWPlW&cb=0&ws=1600x1200&v=23.1108.2350&t=2400&slots=%5B%7B%22sd%22%3A%22if_ay_dsk_ic_1-3__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_ic_1-2__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_leaderboard__ayManagerEnv__1%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_leaderboard%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_ic_1-3__ayManagerEnv__2%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_ic_1-2__ayManagerEnv__2%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_leaderboard__ayManagerEnv__2%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_leaderboard%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_ic_1-3__ayManagerEnv__3%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_ic_1-2__ayManagerEnv__3%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_leaderboard__ayManagerEnv__3%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_leaderboard%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_sticky__ayManagerEnv__1%22%2C%22s%22%3A%5B%22728x90%22%2C%22980x120%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_sticky%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_ic_1-side__ayManagerEnv__1%22%2C%22s%22%3A%5B%22320x100%22%2C%22320x50%22%2C%22300x250%22%2C%22300x100%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_ic_1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_r1__ayManagerEnv__1%22%2C%22s%22%3A%5B%22300x250%22%2C%22160x600%22%2C%22300x600%22%2C%22320x50%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_r1%22%7D%2C%7B%22sd%22%3A%22if_ay_dsk_side_l__ayManagerEnv__1%22%2C%22s%22%3A%5B%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F22890879159%2Fhi_ay_dsk_side_l%22%7D%5D&pubid=d34c3868-1544-44a2-9899-167326b5d575&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A50%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.119.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-119-77.fra60.r.cloudfront.net
Software
Server /
Resource Hash
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 0dec5f752f0f332c449471a83f050dd2.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
FRA60-P1
x-amz-rid
7JT7X5SFCYB9KG36XVQX
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
23
x-amz-cf-id
OY09uLVYCiEuIArKva6GIQn4ml33ZS2EI01AR6UvRccKtJGmAODKpg==
unifiedPixel
tr.outbrain.com/ 		53 B
248 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://tr.outbrain.com/unifiedPixel?optOut=false&bust=05235566287286946&referrer=&marketerId=00a660d3b681963628076d3f1e67fce8b6&name=PAGE_VIEW&dl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&g=0&obApiVersion=1.1&obtpVersion=2.0.5&ob_click_id=v4-4EyY2w7-1079981226
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.225.223.63 Sacramento, United States, ASN3949 (NTTA-3946, US),
Reverse DNS
sa.outbrain.com
Software
/
Resource Hash
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:37 GMT
Cache-Control
no-cache
content-encoding
br
X-TraceId
1705cbc0ffa23a7507541484eb38f014
Content-Length
54
Content-Type
image/gif;
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10887832869/?random=1700668057152&cv=11&fst=1700668057152&bg=ffffff&guid=ON&async=1&gtm=45be3b81&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&hn=www.googleadservices.com&frm=0&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&auid=177558417.1700668057&uamb=0&uaw=0&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%5C%3Dob%26utm_medium%5C%3Dcpc%26utm_campaign%5C%3Dhi_cos_6-01_an_c_3%26utm_term%5C%3D0061df1e37acfb75f995365418e6af2098%26extid%5C%3Dv4-4EyY2w7-1079981226%26dicbo%5C%3Dv4-4EyY2w7-1079981226&rfmt=3&fmt=4
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7e935129a11318de63e546f68d190230eee54736d13397fc143cd80c6a16bdfe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1458
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10887832869/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/10887832869/?random=1700668056972&cv=11&fst=1700665200000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&frm=0&data=event%3Dpage_view%3Bpage_path%3D%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&fmt=3&is_vtc=1&cid=CAQSGwDICaaNBdSZjOA51zIC1-YwRKXc4lQJU5paIA&random=1352769849&rmt_tld=0&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10887832869/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/10887832869/?random=1700668056972&cv=11&fst=1700665200000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&frm=0&data=event%3Dpage_view%3Bpage_path%3D%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&fmt=3&is_vtc=1&cid=CAQSGwDICaaNBdSZjOA51zIC1-YwRKXc4lQJU5paIA&random=1352769849&rmt_tld=1&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
22890879159
fundingchoicesmessages.google.com/i/ 		161 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/i/22890879159?ers=3
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
08b427806db85e6b17aba4fa571f7983fd8e8bc6a91a1d942fa18c938f913943
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-uER79opBRa0h3TjDmDHZYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-security-policy
script-src 'report-sample' 'nonce-uER79opBRa0h3TjDmDHZYg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=825ca84a383a5db1&sid=a453a83b8b4eb29&pvi=36a415fb610457a&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:fpdrd&_=1700668057213
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a24fde1d652c29-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=825ca84a383a5db1&sid=a453a83b8b4eb29&pvi=36a415fb610457a&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:fpdrd&_=1700668057213
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a24fde1d692c29-FRA
v1
lb.eu-1-id5-sync.com/lb/ 		33 B
277 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 Frankfurt am Main, Germany, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
ef3b31e180ec245d7d422dba9020d9c2dfe6b6b96e62a8343303479bcbf572bb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:36 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
/
api.assertcom.de/ 		0
310 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.55.95.177 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.177.95.55.162.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
hash
vrl9rgsahh7mx6ndn.ay.delivery/ 		4 B
590 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/hash?e=vRL9rGsaHH7Mx6NDN&k=%257B%2522utm_source%2522%253A%2522ob%2522%252C%2522utm_medium%2522%253A%2522cpc%2522%252C%2522utm_campaign%2522%253A%2522hi_cos_6-01_an_c_3%2522%252C%2522utm_term%2522%253A%25220061df1e37acfb75f995365418e6af2098%2522%257D%7C295&v=5000
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba8b61671c5a1344acefbc986cb110f88f924b2367852345131717c3ff1f19a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
4
last-modified
Wed, 22 Nov 2023 15:47:37 GMT
server
cloudflare
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZsN%2FV%2F1TlXjV42PYU3ZPB7n74dskeIw8gHb1dOrRqCosDGc%2Fy5OJDzrFQaH9%2BMgkf%2FX%2F%2FeMFP8LjXIEROMN6MrDnLPVacZsRCNydQMAjxmrOIezNu311wITdogvgVyTE0LUwo0Aw7gXa0K705u42sxwYRLfrgqeJxwndg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=1800
vary
Accept-Encoding
accept-ranges
bytes
cf-ray
82a24fde194d8fdc-FRA
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
pageview
api.assertcom.de/ 		0
310 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/pageview
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.55.95.177 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.177.95.55.162.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
linreg.min.js
vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
error
api.assertcom.de/ 		0
309 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/error
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.55.95.177 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.177.95.55.162.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
linreg_da.min.js
vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/ 		187 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg_da.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b76b819a56cefc5344fabd9df41fdab467b1038d63992c2cabe70ab71d44c8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Nov 2023 12:49:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
14
etag
W/"655b55df-2ebee"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DweEr%2F7R6dUdnAN4sUDE7ML74jo0zoEWmvfvezF%2Fr78SeKF5Bexvimqxoy52ryLX9b7cCxBjQzYiMBRJHniP7nv%2BAsJxsxLBEQ8qE79wZt%2F58Qn2Neb29h5SDJLC6iCkUsKET1VXkVytiyHb%2B5z2cu2FCLfSVdWc5lGZ8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
82a24fddc8750418-FRA
alt-svc
h3=":443"; ma=86400
forest.min.js
vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/forest.min.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8b0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers
/
www.google.com/pagead/1p-user-list/10887832869/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/10887832869/?random=1700668057152&cv=11&fst=1700665200000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&frm=0&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%5C%3Dob%26utm_medium%5C%3Dcpc%26utm_campaign%5C%3Dhi_cos_6-01_an_c_3%26utm_term%5C%3D0061df1e37acfb75f995365418e6af2098%26extid%5C%3Dv4-4EyY2w7-1079981226%26dicbo%5C%3Dv4-4EyY2w7-1079981226&fmt=3&is_vtc=1&cid=CAQSKQDICaaNQxhyhlDWVb7joJeslmFdKsUg3U_MOBiXboGIgzv34FY1tt6I&random=61852472&rmt_tld=0&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10887832869/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/10887832869/?random=1700668057152&cv=11&fst=1700665200000&bg=ffffff&guid=ON&async=1&gtm=45be3b81&u_w=1600&u_h=1200&url=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&frm=0&tiba=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&data=event%3Dpage_view%3Bpage_path%3D%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%5C%3Dob%26utm_medium%5C%3Dcpc%26utm_campaign%5C%3Dhi_cos_6-01_an_c_3%26utm_term%5C%3D0061df1e37acfb75f995365418e6af2098%26extid%5C%3Dv4-4EyY2w7-1079981226%26dicbo%5C%3Dv4-4EyY2w7-1079981226&fmt=3&is_vtc=1&cid=CAQSKQDICaaNQxhyhlDWVb7joJeslmFdKsUg3U_MOBiXboGIgzv34FY1tt6I&random=61852472&rmt_tld=1&ipr=y
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
script.js
cadmus.script.ac/dahhc4ozyvjm6/ 		129 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1691 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf9a23b3505b601a9de91a953c462d670e5b13fbbed92e0be549822cdd2af34a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
last-modified
Wed, 22 Nov 2023 15:20:46 GMT
server
cloudflare
age
0
etag
W/"70843787a6a2466cec2e9aa1ded631605944cd27"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
cf-ray
82a24fdebd103675-FRA
adagio.js
script.4dex.io/ 		77 KB
24 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://script.4dex.io/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61496aa1a9c3d26cfc292b41fc451a597a47468117c1fb258226a57296390433

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:37 GMT
Content-Encoding
br
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
901265
Transfer-Encoding
chunked
Connection
keep-alive
Last-Modified
Mon, 06 Nov 2023 14:13:08 GMT
Server
cloudflare
ETag
W/"ccc354615ffb5b4afd96268bab4a6502"
Vary
Origin, Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YoVa7e5CPSgMWPnRz7T2Wb38B8qWJb8XGb%2ByoR0K8CXzS34%2Fg2H6wWoH8MEVsMDPv00c%2BvJoCAttO2TZJykmCpYgOUyoHz0trtA2ucAlGTP%2BekMPIUFyXJVnutW%2F9zdRONNYitwcz13s7O%2Bc"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Cache-Control
public, max-age=1800
CF-RAY
82a24fdea9a49be9-FRA
1468.json
id5-sync.com/g/v2/ 		251 B
534 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/1468.json
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.120 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203256.ip-141-95-33.eu
Software
/
Resource Hash
5006334bf67e3ff98f80c349ba003b9f59f391db67fc3fef85d055907168e8c5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type
application/json;charset=UTF-8
lgc
d9.flashtalking.com/ 		147 B
756 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://d9.flashtalking.com/lgc
Requested by
Host: d9.flashtalking.com
URL: https://d9.flashtalking.com/d9core
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.247.19.59 , Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-247-19-59.eu-west-1.compute.amazonaws.com
Software
Apache/2.4.52 () OpenSSL/1.0.2k-fips /
Resource Hash
665604621d7d5e632b1efe0c0fe218df49b872581af0b7fd321729dc8b543d5d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Wed, 22 Nov 2023 15:47:36 GMT
Server
Apache/2.4.52 () OpenSSL/1.0.2k-fips
Access-Control-Allow-Methods
GET,POST,SERVER
P3P
policyref="localhost/w3c/D9_p3p_.xml", CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Access-Control-Allow-Origin
https://heroinvesting.com
Content-Type
application/json;charset=ISO-8859-1
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
147
AGSKWxVTED3AcHHHeXAQfPZJlmy0TXndqy6Zff7cT0fF2koT-RJ2LQhkWlvsmP0-igcbIUac1xeea_mzhsFd_aWgD1Jmjalu9V6Gaw_Y50qolGM2_dvcjw8sn1v2aJntRoWQsGxUgCqEgw==
fundingchoicesmessages.google.com/f/ 		363 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVTED3AcHHHeXAQfPZJlmy0TXndqy6Zff7cT0fF2koT-RJ2LQhkWlvsmP0-igcbIUac1xeea_mzhsFd_aWgD1Jmjalu9V6Gaw_Y50qolGM2_dvcjw8sn1v2aJntRoWQsGxUgCqEgw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzAwNjY4MDU3LDQyMDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9oZXJvaW52ZXN0aW5nLmNvbS9idXNpbmVzcy9iaWctYnJhbmRzLWhpZGRlbi1iZWhpbmQtY29zdGNvLWtpcmtsYW5kLyIsbnVsbCxbWzgsIk50czVMdllJb2JrIl0sWzksImRlIl0sWzE5LCIxIl0sWzE3LCJbMF0iXV1d
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/yield-manager-script-v2.2.8-prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
850a261f025f4439a213f203997dd79a7ab036fc29c1f9a7d02d6c8773c7be9b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-n0QKX9cZYKXKJfPAF446kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-security-policy
script-src 'report-sample' 'nonce-n0QKX9cZYKXKJfPAF446kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
unruly_prebid
targeting.unrulymedia.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://heroinvesting.com
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Wed, 22 Nov 2023 15:47:37 GMT
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
289 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
63ebe4b23a3c92dafc0c2e06
prebid.cootlogix.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.cootlogix.com/prebid/multi/63ebe4b23a3c92dafc0c2e06
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.238.128.98 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
104.238.128.98.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
/
colossusssp.com/ 		2 B
139 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://colossusssp.com/?c=o&m=multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
209.192.253.44 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
openresty /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
access-control-allow-credentials
true
server
openresty
content-length
2
content-type
application/json
bid
s.seedtag.com/c/hb/ 		12 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.seedtag.com/c/hb/bid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.50.64 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
64.50.149.34.bc.googleusercontent.com
Software
openresty /
Resource Hash
ebace8aa7139610c79668e84ad4af3f8d9f147e054f1a1a88a39d187892a3f7a

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:38 GMT
content-encoding
gzip
via
1.1 google
server
openresty
vary
X-HTTP-Method-Override
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hbjson
grid.bidswitch.net/ 		23 B
367 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.73.104.85 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-73-104-85.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
977658a6b9d8442ef909de436ae2473f4c313de021c738c70b3fb4e4095aab51

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:47:37 GMT
Content-Encoding
gzip
Server
nginx
Content-Type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
Connection
keep-alive
Content-Length
48
prebid-request
onetag-sys.com/ 		15 B
414 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control
no-transform, no-cache
access-control-allow-credentials
true
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
3b00a8a576ab1a5c5f9b0be2879d6b6fccd951bad441aa268fddf620fb6d0643

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
6f8784730cea88db6686daf125d708a58c54e0b2e6507149153d05600d597ef7

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
33f9a4c16adfbe18140ca6e90cd3de3350500414904ed811dd67dd87e90f1e8b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:38 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
634 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
958e769fd53f7d2555562484244137d4ad295a4cf4f3e743b731fb8a24c44d03

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
635 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
5fe664cef03454b93af011d32292a83e29bdb59b2bd24c7f5afd6cdef080bff2

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
527e2eca91b5666b8c2c9c206254da1f9a0b716c7d5332e4ed92eaf1aecf6584

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
634 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
e708a8a08ef1bd656355407be9d1ce4b22e8b608536560aa033188ede2b8b01c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		249 B
635 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
b4b6672c00bfe73650afbb351b5d334388cd55c6c6523b71ed6f8f8eed1d141e

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:38 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
249
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		248 B
634 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
2b34770f60feb64c75a7a4493ab5ce671d926454cd7f96ececea1a4d20fc1d41

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
248
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
3d01230fdb33d364153459f6167160172c369b808bcf160b82dc9dc58bfb9489

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:38 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
11f9906fd251c55cc634a33d99bffeaf5b216cda7178bf42952df89f7f864686

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		247 B
633 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
08a2e6c7bd4de0fe86f3778576e97c265120b32a5674471d408c508b7f733948

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
247
expires
0
auction
pbs.nextmillmedia.com/openrtb2/ 		249 B
635 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/openrtb2/auction
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
cf1ac793c916c98710b1c25b87435cc3a41643980c8ef9b30a08675a2822e8c8

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:38 GMT
x-prebid
pbs-go/unknown
vary
Origin
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
249
expires
0
hb-mm-multi
hb.minutemedia-prebid.com/ 		84 B
431 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.202.39.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-39-252.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
15cc6ed7ad7ac59aa5463653a28d52daa424df8c8adc7801c7cc3d980430e658

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
84
fastlane.json
fastlane.rubiconproject.com/a/api/ 		590 B
941 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=100101ccb3337e33&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=379a874f-a566-49b1-9c49-e309f003a3a9&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.28088589204739356
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
da36d74a76edf3a9629e3c4eb78056b3b215b9279b4d6f737d6245a93849d33e

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
590
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		590 B
940 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=1013530e445ac45e&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=1b60d0cb-f553-47da-a257-41e976c2c4f7&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.9716451417139416
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
4db83c0e138bdabd7f5938e2643282248bfadaf39b2982895fbc211b0c706bd5

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
590
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		572 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=2&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_leaderboard&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=102980e097a44692&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=b33c5038-568f-4b72-a9e2-9f30e61c7965&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&slots=1&rand=0.3903192117544807
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
d997ecf646629f783a25170275002b9b8c76106385d3cd178c42e3495241ecc2

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
572
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		590 B
942 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=1031e264d6631edc&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=09c698fc-2357-4b40-8915-1222d3b1417f&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.03225059206232039
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
7199a6f1524479e5151e8b47460b1f2f849dce15f36d3ec86ea4fcb3b932fdce

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
590
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		590 B
940 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=10413c38f2bd7104&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=4bf17948-d9a7-42ae-a578-490131ad297f&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.8281413017162023
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
ce2f2d6e2c86d4842495777302cd555696e40d7ebde2763a9825562abb9bf5d6

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
590
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		572 B
924 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=2&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_leaderboard&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=1054e4ca8fdb732f&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=3d1f16cf-9a37-4d83-9a59-fd271dd57b1d&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&slots=1&rand=0.8319973986311051
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
4d4d72fa0dc499054f927f44a2038048d5e93407ee6c74a6a1602542c6ac5ff1

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
572
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		17 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=10634c49cab1912d&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=6d4f1400-cff4-49dd-b092-9c0f4456625a&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.5374383374170733
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
e6203770d8d6ff2f5fcd1f32e88c1cd63550254bc18961b5c869b6fe53f074b4

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		590 B
941 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=107c52c8d7f4908c&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=306a87ea-ed10-4199-8b74-d147b4b2f9ea&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.9257249466975774
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
c0522728ccb5838436f1541af5527b71d5ca495224a7ec28aa8dd4173aa8c3dc

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
590
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		572 B
923 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=2&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_leaderboard&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=1080f1171fdf231d&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=ef1b49a2-c3fa-4b3f-b7a6-b91c26330720&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&slots=1&rand=0.29460074659987345
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
051b2836e4820a3904982cc7eeba96d09c9a3e5d4cdcf0a57fc2802316802430

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
572
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		16 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=2&alt_size_ids=31&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_sticky&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=109aa498cc0e82ab&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=9a69186d-a48a-4f8c-9a4b-fb1811803277&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_sticky&slots=1&rand=0.4197225332682668
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
20a2d1cb527e7a09b01d768a1551d236ddca12f69f6267d9c3d878d3590b8abc

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		590 B
942 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=19%2C43%2C117&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_ic_1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=110168e7d67ada5b&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=ec8ef3e6-ddf5-4699-90f2-d884ccf6f201&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&slots=1&rand=0.7357809079188151
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
e7f76e2011b48d4a7afbad85c48a6c7555c2260cb80603b0e3236ca6fb4ffd42

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
590
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		13 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=15&alt_size_ids=9%2C10%2C43&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_side_r1&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=1116d8f57a291f0c&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=aed93667-fa16-409b-9055-b8520c64e493&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_side_r1&slots=1&rand=0.5110594434562308
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
41d9cd451777916c4ce5efe9bfac4bd481998c1814941f3215eb63be47da8d07

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/ 		586 B
937 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=25504&site_id=478470&zone_id=2840484&size_id=9&alt_size_ids=8&eid_flashtalking.com=e80e418eb0f04619b6676657c4bb20bc%5E1&eid_id5-sync.com=0%5E1%5E&eid_pubcid.org=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4%5E1&rf=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.domain=heroinvesting.com&tg_i.page=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tg_i.pbadslot=%2F22890879159%2Fhi_ay_dsk_side_l&tk_flint=pbjs_lite_v8.20.0&x_source.tid=790bc3ea-5208-42c2-8219-335b60d44d25&l_pb_bid_id=1122b2ec0a05faff&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=4a1bb742-0d44-4694-9115-65205687bf06&rp_maxbids=1&p_gpid=%2F22890879159%2Fhi_ay_dsk_side_l&slots=1&rand=0.707047885068973
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c003:200::44 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
db0a944f29782c140ec0539b3600808797fca1654aa70c43441d9c4bee57595a

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
586
expires
Wed, 17 Sep 1975 21:32:10 GMT
/
prebid.dblks.net/openrtb/ 		159 B
423 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.dblks.net/openrtb/?sid=2724499
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.212.255.178 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software
nginx/1.20.1 / Express
Resource Hash
436c5ea88f6c8e21aec4db5b2daebde8d7c8f5a81b2524aca6a52d28121a118b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:26 GMT
x-openrtb-version
2.5
server
nginx/1.20.1
x-powered-by
Express
etag
W/"9f-F91lIYZzGgLzx4+raVTH987i4m0"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, private
access-control-allow-credentials
true
content-length
159
trinity.json
apex.go.sonobi.com/ 		453 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22128c8b75c32267e4%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%2C%2212964824e4c7ae97%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%2C%221300175595a803a4%22%3A%22339eef0ffc50a90ea04b%7C728x90%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_leaderboard%2Cc%3Dd%2C%22%2C%221316f699c153d73f%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%2C%22132ae2b73806f03b%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%2C%2213394531eaa23236%22%3A%22339eef0ffc50a90ea04b%7C728x90%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_leaderboard%2Cc%3Dd%2C%22%2C%2213492934f51d67ec%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%2C%2213528fe3a5c7cd1c%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%2C%22136e7d434bb72391%22%3A%22339eef0ffc50a90ea04b%7C728x90%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_leaderboard%2Cc%3Dd%2C%22%2C%221376c29494606401%22%3A%225110ae0368112018ce37%7C728x90%2C980x120%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_sticky%2Cc%3Dd%2C%22%2C%221384c75ab8f11272%22%3A%229ef57c4e1a7aad0ba98a%7C320x100%2C320x50%2C300x250%2C300x100%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_ic_1%2Cc%3Dd%2C%22%2C%22139a1e7890376f7e%22%3A%22ab18e1366d6110b8df97%7C300x250%2C160x600%2C300x600%2C320x50%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_side_r1%2Cc%3Dd%2C%22%2C%22140ddc4d660ad041%22%3A%22b73b2d5a888130b1e9b1%7C120x600%2C160x600%7Cgpid%3D%2F22890879159%2Fhi_ay_dsk_side_l%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&s=94923e76-92e6-4a67-a01d-f3904beec175&pv=052dca64-4730-4f69-862f-05ce44610dde&vp=desktop&lib_name=prebid&lib_v=8.20.0&us=1&iqid=%7B%22pcid%22%3A%22eeed9dca-d03c-4d26-908d-a0cb994fe91d%22%2C%22pcidDate%22%3A1700668057563%7D&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22790bc3ea-5208-42c2-8219-335b60d44d25%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22heroinvesting.com%22%7D%2C%22page%22%3A%22https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F119.0.6045.159%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&eids=%5B%7B%22source%22%3A%22flashtalking.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22e80e418eb0f04619b6676657c4bb20bc%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22HHID%22%3A%227c48830b47974936bffdb22a3bb67f63%22%2C%22DeviceID%22%3A%22e80e418eb0f04619b6676657c4bb20bc%22%2C%22SingleDeviceID%22%3A%22e80e418eb0f04619b6676657c4bb20bc%22%7D%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%220%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A0%2C%22pba%22%3A%22TOkJf3fcvWkSeQIgIL%2Fp0w%3D%3D%22%7D%7D%5D%7D%2C%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2223e2ba72-1fe4-4de8-9fdb-408d823e1ae4%22%2C%22atype%22%3A1%7D%5D%7D%5D&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.8 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
53305fbcef9615547e840477a419b2013c2460d18193169d36a4304fa33b0354
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-177
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
303
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
hb
cpm.qortex.ai/ 		0
264 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cpm.qortex.ai/hb?zone=194374&v=1.6
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.245.57.72 , United States, ASN36057 (WEBAIR-INTERNET-MTL, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:37 GMT
Server
nginx
Age
0
Access-Control-Allow-Origin
https://heroinvesting.com
Cache-Control
no-store
Access-Control-Allow-Credentials
true
Connection
close
Content-Length
0
bid-request
a.teads.tv/hb/ 		16 B
382 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.35 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-35.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
content-length
42
expires
Wed, 22 Nov 2023 15:47:37 GMT
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
564 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:38 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
v1
prg.smartadserver.com/prebid/ 		171 B
559 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
89.149.192.64 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
/
Resource Hash
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding, Origin
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
no-cache,no-store
access-control-allow-credentials
true
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
289 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
0
641ab9f7284b9911720b9b75
exchange.kueezrtb.com/prebid/multi/ 		0
288 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.77.105.37 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
45.77.105.37.vultrusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
max-age=0, no-cache, must-revalidate, proxy-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
content-length
0
hb
ssc.33across.com/api/v1/ 		67 B
141 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
150 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
141 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
141 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
314 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/ 		67 B
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ssc.33across.com/api/v1/hb?guid=dUOeOqXmSr7AmkrkHcnlxd
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://heroinvesting.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
imp
g2.gumgum.com/hbid/ 		466 B
681 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057587&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_ic_1-3__ayManagerEnv__1&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
122e502e02d15917d291203058aefa9dfec946bcc445882339a1bea7d3dbc912

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
682 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057597&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_ic_1-2__ayManagerEnv__1&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e8cd50eb5d4d6c1e18ca7bfc98f74a35a811f22a1e3fb5d141a1c9461c399aef

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
682 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057597&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_leaderboard__ayManagerEnv__1&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&t=notmta6c&pi=3&maxw=728&maxh=90&si=1008717&bf=728x90&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1998fc3303d046f8b2065d2689dadca97130151667b57404f94a9d0adbb5b72b

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
682 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057598&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_ic_1-3__ayManagerEnv__2&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1efa1573d449934ada78452182a4680d6afa3e56c4cc918c43c963394bab38ff

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
683 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057598&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_ic_1-2__ayManagerEnv__2&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d9d5882531b33e029ffaa8782658b02b0042d3dbedccf2d1ab41c121633d2fae

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
683 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057599&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_leaderboard__ayManagerEnv__2&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&t=notmta6c&pi=3&maxw=728&maxh=90&si=1008717&bf=728x90&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8795ccb00ce1f0e89e48feff5cbe9febbc2bf5be040fcb17f6298acec8d9c19d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
683 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057599&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_ic_1-3__ayManagerEnv__3&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9da952a3e6db7811c02d42042d0e70199d47c50241671b49d8df09c5e704ec3a

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
684 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057599&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_ic_1-2__ayManagerEnv__3&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f8797c009bda9c3135d1042ac16f93278108f724f88cf7a43fb2ef544723457d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
683 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057601&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_leaderboard__ayManagerEnv__3&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_leaderboard&t=notmta6c&pi=3&maxw=728&maxh=90&si=1008717&bf=728x90&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ff070286de82b7484679470301d6185371b91d16736f7495f728311f2219f1cf

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
683 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057602&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_ic_1-side__ayManagerEnv__1&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_ic_1&t=notmta6c&pi=3&maxw=320&maxh=100&si=1008715&bf=320x100%2C320x50%2C300x250%2C300x100&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
003f02a67866738da078f1cd7aadfa534e2d959792f1213a8d3804dfc048a37d

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
683 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057602&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_side_r1__ayManagerEnv__1&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_side_r1&t=notmta6c&pi=3&maxw=300&maxh=600&si=1008719&bf=300x250%2C160x600%2C300x600%2C320x50&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
12429c251a257c42b91bdd4b253b8d8a8a01b091d23414824999ebad0a251277

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
imp
g2.gumgum.com/hbid/ 		466 B
683 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057603&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_side_l__ayManagerEnv__1&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_side_l&t=notmta6c&pi=3&maxw=160&maxh=600&si=1008718&bf=120x600%2C160x600&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e274a4700b389e60729118999163c656dddceacb3eb30fc82bc0ee3136e93922

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
unruly_prebid
targeting.unrulymedia.com/ 		0
165 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.115 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
application/json

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:47:38 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
pbjs
htlb.casalemedia.com/openrtb/ 		4 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=974236
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a022a87f48a2a7d80ff363e6475102738404498ebbff5b3b6225aaadb345d1ee

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dAHvm5QEHnB84IjF00yMdO7dRwWUYrwstMk6DRv2otVmFenFpbuPb%2BSvBNsz0zhRxOS05WsOteXARR3WqJmyphmMdrSy9ILxppvRks0kVjGwWxOtbZitM0UOvAeG1nf0xgT5ArVe"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
82a24fe0a82a9b3a-FRA
alt-svc
h3=":443"; ma=86400
expires
0
hb-multi
hb.yellowblue.io/ 		85 B
434 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hb.yellowblue.io/hb-multi
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.249.240.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-249-240-92.eu-west-1.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
81ce6bffd1b40eb13d88a0dc38da2057cb4c621347a51d852d1cf65ef96ca53c

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:38 GMT
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
application/json
access-control-allow-credentials
true
x-envoy-upstream-service-time
381
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
content-length
85
c
prebid.a-mo.net/a/ 		0
357 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
18
server
envoy
vary
origin, Accept-Encoding
prebid
prebid.media.net/rtb/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUK6VG18
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
153.63.120.34.bc.googleusercontent.com
Software
envoy /
Resource Hash
8959c0b49ad08b00ab047f2eda9aa568d1f9e2a56f97968b8598f615a27696fa

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
via
1.1 google
accept-ch
Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server
envoy
content-type
application/json;charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
102
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 15:47:37 GMT
imp
g2.gumgum.com/hbid/ 		668 B
823 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://g2.gumgum.com/hbid/imp?lt=1700668057637&to=-60&id5Id=0&id5IdLinkType=null&aun=if_ay_dsk_sticky__ayManagerEnv__1&ftrackId=e80e418eb0f04619b6676657c4bb20bc&id5id=0&pubcid=23e2ba72-1fe4-4de8-9fdb-408d823e1ae4&gpid=%2F22890879159%2Fhi_ay_dsk_sticky&t=notmta6c&pi=2&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.20.0%22%7D&ogu=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F&ns=9523
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9abe2da7218e8d78a1fe383245df113671b0a0e9613c7d73d282d7026842a9b9

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://heroinvesting.com
cache-control
private, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*
expires
0
prebid
mp.4dex.io/ 		60 B
489 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mp.4dex.io/prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:994e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

x-version
3.0.0-gcp-ams
date
Wed, 22 Nov 2023 15:47:37 GMT
x-err
Shapings: no adunits with size and seat and mapping
via
1.1 google
cf-cache-status
DYNAMIC
content-encoding
gzip
x-warn
Process Floors. 1 inventory rules not found for mediatype: banner and adUnitCode: if_ay_dsk_sticky__ayManagerEnv__1
pragma
no-cache
server
cloudflare
vary
Origin, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
82a24fe0df723aa2-FRA
expires
0
auction
tlx.3lift.com/header/ 		19 B
528 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.20.0&referrer=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&tmax=2500
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.192.193.155 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-193-155.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:38 GMT
accept-ch
sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list
content-type
application/json; charset=utf-8
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
159 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/ 		0
158 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.127.67.62 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-67-62.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
ortb
bid.contextweb.com/header/ 		0
877 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bid.contextweb.com/header/ortb?src=prebid
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
cwdl
22/4211,22/4211,22/4211,22/4211,22/4211,22/4211,22/4211,22/4211,22/4211,22/4211,22/4211,22/4211,22/4211
access-control-allow-origin
https://heroinvesting.com
access-control-expose-headers
Access-Control-Allow-Origin
access-control-allow-credentials
true
cw-server
bid-deployment-dfcb7cf59-5vtp6
bid
ap.lijit.com/rtb/ 		95 B
503 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_8.20.0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
14.14.251.63.unassigned.ord.singlehop.net
Software
/
Resource Hash
a578b7621ffb25e8a96532b5f7509fc5abcd724d14e2b13eb920418077755ce6

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Date
Wed, 22 Nov 2023 15:47:38 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/json
Access-Control-Allow-Origin
https://heroinvesting.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap1sea1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
99
hb
brightcombid.marphezis.com/ 		0
229 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://brightcombid.marphezis.com/hb
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
178.128.135.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
https://heroinvesting.com
pragma
no-cache
date
Wed, 22 Nov 2023 15:47:37 GMT
cache-control
no-store
access-control-allow-credentials
true
vary
Origin
expires
0
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=bidRequested&bidder=nextMillennium&source=pbjs&groups=1214;1214;1215;1214;1214;1215;1214;1214;1215;1220;1214;1217;1216
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:37 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
dye
track.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.kueezrtb.com/dye?ac=2&acm=G3L&uid=825ca84a383a5db1&sid=a453a83b8b4eb29&pvi=36a415fb610457a&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668057572&bidder=kueezrtb&at=display&v=13
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a24fe088572c29-FRA
dye
gtrack.kueezrtb.com/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gtrack.kueezrtb.com/dye?ac=2&acm=G3L&uid=825ca84a383a5db1&sid=a453a83b8b4eb29&pvi=36a415fb610457a&h=heroinvesting.com&wh=1600x1200&b=Chrome&bv=119.0.6045.159&dev=&os=Windows%2010&p=&cc=DE&ig=0&uri=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F&furl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sr=1600x1200&type=latest:br&_=1700668057572&bidder=kueezrtb&at=display&v=13
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:227b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
82a24fe088582c29-FRA
1a
i.clean.gg/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://heroinvesting.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=utf-8
date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx/1.21.6
via
1.1 google
1a
i.clean.gg/ 		0
104 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Requested by
Host: cadmus.script.ac
URL: https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
via
1.1 google
server
nginx/1.21.6
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202310231203/ 		264 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202310231203/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/MQmKrmitn70_4-erVruOwhgSQSU/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2b5a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 23 Oct 2023 16:04:16 GMT
server
cloudflare
x-amz-request-id
SDYP533A8GRSHRN6
age
1252361
etag
W/"866ce4ef9ef41c261f6060e4f642bb88"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
82a24fe0bc1bbbfd-FRA
alt-svc
h3=":443"; ma=86400
x-amz-id-2
zSzUh9Aw0eI/ntmSMxglfKToh22a/xq3MjJMokndSD96yj3zJfC0K6llYsOCu0Nxfn8nWs+6JVt1sngaGVJsXkJZdVA9rTPK
css
fonts.googleapis.com/ 		69 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans:regular,medium|Material+Icons|Google+Symbols|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMx-VBI7cufk83j17-qyMs5NHKqYbA/m=web_iab_tcf_v2_wall_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c4cb7ee295b14fe670ced1e8271273041990ca3d5af39accf8e960c227148eab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 22 Nov 2023 15:47:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 15:47:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 22 Nov 2023 15:47:37 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/ 		125 KB
126 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: heroinvesting.com
URL: https://heroinvesting.com/business/big-brands-hidden-behind-costco-kirkland/?utm_source=ob&utm_medium=cpc&utm_campaign=hi_cos_6-01_an_c_3&utm_term=0061df1e37acfb75f995365418e6af2098&extid=v4-4EyY2w7-1079981226&dicbo=v4-4EyY2w7-1079981226
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 20:08:20 GMT
x-content-type-options
nosniff
age
416357
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Tue, 07 Mar 2023 19:51:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 16 Nov 2024 20:08:20 GMT
AGSKWxU19gXj6AS2_Gt0JLMXIiEju5WRlcdQ9X6EzLr2fANX4YRWvJkjFKjBx5ZNmzogqdNOP4kIegA3Kw7F3fpyFpYmwIlPbCZNlj_6GPoWOK8NZsvcM5smqh5sNm2lF6OzDQnKtGA6aw==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxU19gXj6AS2_Gt0JLMXIiEju5WRlcdQ9X6EzLr2fANX4YRWvJkjFKjBx5ZNmzogqdNOP4kIegA3Kw7F3fpyFpYmwIlPbCZNlj_6GPoWOK8NZsvcM5smqh5sNm2lF6OzDQnKtGA6aw==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.Nts5LvYIobk.es5.O/am=CAM/d=1/rs=AJlcJMyTmwD9vZzPw60_wPGGncvG1CmM1A/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-JNLkFlWVVcBeBy-up2fyYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://heroinvesting.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-JNLkFlWVVcBeBy-up2fyYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://heroinvesting.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
error
api.assertcom.de/ 		0
309 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://api.assertcom.de/error
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/client-v2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.55.95.177 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.177.95.55.162.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:37 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-store, no-cache, private, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding
content-length
0
expires
Thu, 01 Jan 1980 00:00:01 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Archivo|Arimo|Bitter|EB+Garamond|Lato|Libre+Baskerville|Libre+Franklin|Lora|Google+Sans:regular,medium|Material+Icons|Google+Symbols|Merriweather|Montserrat|Mukta|Muli|Nunito|Open+Sans:400,600,700|Open+Sans+Condensed:300,400,600,700|Oswald|Playfair+Display|Poppins|Raleway|Roboto|Roboto+Condensed|Roboto+Slab|Slabo+27px|Source+Sans+Pro|Ubuntu|Volkhov&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://heroinvesting.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Fri, 17 Nov 2023 14:29:28 GMT
x-content-type-options
nosniff
age
436689
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48432
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:40:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 16 Nov 2024 14:29:28 GMT
collect
region1.google-analytics.com/g/ 		0
45 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PNTYD12RWN&gtm=45je3b81v879042239&_p=1700668056573&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1357598203.1700668057&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&dp=%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sid=1700668056&sct=1&seg=1&dl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&dt=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&en=page_view&_ee=1&_et=324&tfd=2109
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1214
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:38 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1215
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:38 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1220
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:38 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1217
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:38 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
metric
report2.hb.brainlyads.com/statistics/ 		463 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://report2.hb.brainlyads.com/statistics/metric?event=noBid&bidder=nextMillennium&source=pbjs&groups=1216
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.84.92.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-92-154.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) / Express
Resource Hash
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:38 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Powered-By
Express
ETag
W/"1cf-XHssOe1+WUPy43P3Ckt9sJ3fhf4"
Content-Type
image/png
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
463
/
ssc-cms.33across.com/ps/ Frame 384E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=dUOeOqXmSr7AmkrkHcnlxd&gdpr_consent=undefined&us_privacy=undefined&gpp=&gpp_sid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP020 /
Resource Hash

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:40 GMT
server
33XP020
x-33x-status
2000208
/
s.0cf.io/ Frame 0CAD 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
MISS
cf-ray
82a24ff63de16614-AMS
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uq1AupRJCVX3AxdpszJoVC%2B0rB79AStNGJDrNuwA%2BT99UAAHm%2Be4LDJuyw7YBAiNMS%2B4BElivp2k%2B4KZg3q%2BIRXeGjJ6CYi5YreVbJ%2FPHsXQ%2FWdbQCgLmR6mBh7nSTL5CFcxMEjl9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
sync
eb2.3lift.com/ Frame 6A50 		37 B
140 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eb2.3lift.com/sync?
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:41 GMT
sync
cookies.nextmillmedia.com/ Frame 8CF6 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cookies.nextmillmedia.com/sync?type=iframe
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.189.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-189-170.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash
11c4d847faa1a75d75f0ce42414094da93d3fe370b3a245f32d47b67e49d53d2

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
1891
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
server
fasthttp
visitormatch
bh.contextweb.com/ Frame E299 		27 B
650 B 		Document
General
Check archive.org
Download Go to
Full URL
https://bh.contextweb.com/visitormatch
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
208.93.169.131 , United States, ASN46244 (WEBMD-IDC1-AS, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
ec2f44e7dbd2ebb1268ac7e7a0602ec2106bc7fd9da17b9012db81be55cbd485
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
content-type
text/html;charset=iso-8859-1
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
/
onetag-sys.com/usync/ Frame 2B69 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?cb=1700668057752
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
strict-transport-security
max-age=15552000
checksync.php
contextual.media.net/ Frame FB27 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUK6VG18&prvid=2012%2C2034%2C2033%2C2055%2C2031%2C2030%2C3020%2C251%2C175%2C450%2C2009%2C178%2C233%2C2028%2C3018%2C2027%2C3017%2C214%2C236%2C237%2C117%2C459%2C70%2C97%2C55%2C99%2C77%2C38%2C2022%2C3012%2C3010%2C141%2C262%2C461%2C222%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C10000%2C80%2C108%2C9%2C508&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.35.228.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-228-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
99dc6efbb92e8a11bdaefa83dd1a518c6a015455f0c6ff5c6ef218a562755573
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
8418
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Fri, 24 Nov 2023 15:47:41 GMT
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-mnet-hl2
E
usync.html
eus.rubiconproject.com/ Frame 46F9 		281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:47:41 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
/
sync.cootlogix.com/api/sync/iframe/ Frame 4247 		109 B
422 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
157.230.14.143 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods
GET, HEAD, OPTIONS, POST
access-control-allow-origin
*
content-length
109
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
p3p
CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
iframe
sync.colossusssp.com/ Frame B7D0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.colossusssp.com/iframe?pbjs=1&coppa=0
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
172.240.155.68 , United States, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/plain
Date
Wed, 22 Nov 2023 15:47:41 GMT
Server
nginx
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
isyn
prebid.a-mo.net/ Frame C225 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid.a-mo.net/isyn?gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
145.40.97.66 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
date
Wed, 22 Nov 2023 15:47:40 GMT
server
envoy
vary
Accept-Encoding
x-envoy-upstream-service-time
1
beacon
ce.lijit.com/ Frame 97EB
Redirect Chain
  • https://ap.lijit.com/beacon?informer=13530234
  • https://ce.lijit.com/beacon?informer=13530234
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ce.lijit.com/beacon?informer=13530234
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
216.52.2.30 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date
Wed, 22 Nov 2023 15:47:41 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap6ams1

Redirect headers

Content-length
0
Location
https://ce.lijit.com/beacon?informer=13530234
ixmatch.html
js-sec.indexww.com/um/ Frame 0827 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: vrl9rgsahh7mx6ndn.ay.delivery
URL: https://vrl9rgsahh7mx6ndn.ay.delivery/manager-script/vRL9rGsaHH7Mx6NDN.deploy?v=e3v8yNrYFnJiNs4gD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.149.180 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer
https://heroinvesting.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1051
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
82a24ff61eff91ff-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 19:47:41 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
sync
x.bidswitch.net/ 		43 B
146 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=themediagrid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.61.190 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-61-190.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
9.gif
id5-sync.com/s/441/ 		43 B
920 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/s/441/9.gif?puid=&gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.120 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203256.ip-141-95-33.eu
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 15:47:41 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="CAO PSA OUR"
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=286
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=_A4x8fptXpVRj0abhccC4tly2hM
49 B
444 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us.gif?nw=st&nuid=_A4x8fptXpVRj0abhccC4tly2hM
Protocol
H2
Server
69.166.1.66 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-177
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store, private
tcn
Choice
content-length
49
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=st&nuid=_A4x8fptXpVRj0abhccC4tly2hM
Date
Wed, 22 Nov 2023 15:47:41 GMT
Connection
keep-alive
Content-Length
99
Content-Type
text/html; charset=utf-8
usync.js
eus.rubiconproject.com/ Frame 46F9 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28149
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:50 GMT
getuidj
ib.adnxs.com/ Frame 0CAD
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fib.adnxs.com%2Fgetuidj
  • https://ib.adnxs.com/getuidj
29 B
702 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
df9c012e31d1f40f00f1ef9d49bd50ef4c94813df00204e0d31de513b17a4db5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
an-x-request-uuid
cae2141a-2d80-4937-abbd-34a297f5071f
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
an-x-request-uuid
7679c2e5-d6c2-43bb-b3bf-60c71d71c6e2
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
s.0cf.io/ Frame 25BF
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D76%26uid%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D76%26uid%3D%24UID
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ff8bbe0694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aJCNSgygghoYYB%2FzuhRi853Ornqh%2By02UjHmmBHagsYSg0b14GFUT35gjIi78ULjHXN0ii5kuwOktScfVntDCzNgkTm%2FO6XB1ov5cnvtGeRqCHYJkXV%2FA95a4YfBRPk3tiOf5VGpww%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=76&uid=4244436613735121705761
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
getuids
prebid-server.rubiconproject.com/ Frame 0CAD 		44 B
348 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
96463f77aae101d34cef570d1a40570d926482af4fc461cf03cb3ba54bd19fd8

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
70
Expires
0
rid
match.adsrvr.org/track/ Frame 0CAD 		63 B
417 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
09a45732f771315394b0d99b7dc3416b488a1a0a817f1fbb73666d78730730e4

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 15:47:41 GMT
connectmyusers.php
cdn.connectad.io/ Frame 597E 		1 KB
855 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2383
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a24ff8da503608-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:47:41 GMT
last-modified
Wed, 22 Nov 2023 15:07:58 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame 6849 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame AE5C 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
df48345539e333db055ca41300a49ed21f251a7874fe41915acacdccefa8da5c

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 15:47:41 GMT
etag
W/"0df9f63652156d8cc3efddf7ad805b2b7"
server
nginx
timing-allow-origin
*
/
s.0cf.io/ Frame AE8B
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D74%26uid%3D
  • https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D74%26uid%3D&s=184932&C=1
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ff93c5b694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=svpV%2F%2BZQ8bTNl16wEfSBUndfvQEvOqBZrBdpfGSoUEHFPs2c%2F85mUOlRaCd1x33r6rt0QG%2FIyIeQX1Fq2PN3i2w%2BV0ZNiNdbqJ6JzOb1TXTv3r8y6RV%2BnYcSxNPHi5Re%2FLWWo9AD%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a24ff8d9b29b3a-FRA
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=74&uid=ZV4incIEyBgatTJ8YI.dCAAA%262137
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FhkcFxBRhNMU01Fm%2F4%2FYzfdJLyGE%2BfGJxCgNVO12ibiJNParvGkx%2Ft4Rwu3E%2BKkh6rj8sT%2B8DJSNfPtvLRVL5PZ9R756e7%2FEKbXv6RK2WGpga47A4UGMokWQxhzJ3r66yQsd2DhB"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
prebid
rtb.openx.net/sync/ Frame E5E3 		43 B
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:41 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame BEB3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
14.14.251.63.unassigned.ord.singlehop.net
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 15:47:41 GMT
X-Sovrn-Pod
ad_ap1sea1
us.gif
sync.go.sonobi.com/ Frame C545 		49 B
445 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.66 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-177
x-xss-protection
0
/
s.0cf.io/ Frame BBA6
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmphb?zcc=1&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3D%5BRX_UUID%5D&cb=1700668061711
  • https://ad.turn.com/r/cs?pid=45&rndcb=2403023580
  • https://sync.1rx.io/usersync/turn/3767009703109338317?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3DRX-77da2f61-8784-416...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5118
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffe29fe694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Wed, 22 Nov 2023 16:17:42 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4e0TR8Tthl79HmxPplN%2BjFTweGaymzZL7aTPLIb9habzbUoeTxUP60qzXCoLjf7q%2Bv9HRXzNyl5%2BdPBbGdop69hgJEIfQSE71Es389CUv1KrRksDr6rRjmO0Z9tpMCxn39MY2HOEMg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
etag
RX77da2f618784416f81f2f1506b9bcc7c003
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=22&uid=RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
occ
ups.analytics.yahoo.com/ups/58448/ Frame 2EF0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=113b5a615e60f43777%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 15:47:41 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
/
s.0cf.io/ Frame 876B
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D81%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ff8bbdc694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Ny5yTHEei%2BCO%2B%2Fz8N%2FrFHn3ivxp2sVnF1q25u75u40IX7BI%2BpHV6UqYrbzr9yuUp%2FjOAW2QsIjTZaUXFb2BGPNu9rOTUoBqEOozj%2BcxUldlU8HboXLCFhwizk4DFh0YyMnI2H99KA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:47:40 GMT
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=81&uid=?gdpr=0&gdpr_consent=0
server
envoy
x-envoy-upstream-service-time
1
/
onetag-sys.com/usync/ Frame BB8B 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame 0CAD 		9 B
291 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.251.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-251-103.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame EC72 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP002 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
server
33XP002
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame 18D7 		0
42 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
/
s.0cf.io/ Frame 2E18
Redirect Chain
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D21%26uid%3D%25%25VGUID%25%25
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ff8bbdf694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IyWrU7c7hokU1v4GWXFAQXycBzITi8MENyETO5VXbfxGsqI1cBpalrVRJGmpCNDrLFO5EpGYfvGqS5tpyAO1jzWwFTpyMdRUDFEhbsnGqRD3df4WIXNdM8ldZ53bwyD5scB0%2B049Zg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=21&uid=AAcbQOnQl9nW&ev=1&pid=561205
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
v1
match.sharethrough.com/universal/ Frame 1365 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.51.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-51-148.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
/
s.0cf.io/ Frame DBD8
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D82%26uid%3D%5Bssb_...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ff93c5d694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X34JBWoXvrrks9mZ5Z0sboefAoI%2BBaSNPvN7Cr%2Bi6aPbY6k8Lu8VKUyrebeXa9HHLZ7b8Ke2hm1NUCoM%2BbDxnMaXSIp%2BH0nBh%2BRbp3BNMKmJzNYf6ZkRIRXFUWbgr129u3qV23msjw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 15:47:40 GMT
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=82&uid=7931550921052181349
/
s.0cf.io/ps/ Frame C491
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=113b5a615e60f437&dbid=113b5a615e60f437
  • https://s.0cf.io/ps/?dbid=113b5a615e60f437
2 B
487 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=113b5a615e60f437
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
MISS
cf-ray
82a24ff91c35694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fULwtGvet6J79VIQ6Af7nnPpcfnIsFvtdm%2BseFIdtiFqXWWF4A1yYvBb6k8rEDwjknuahWSrq9Vx31JkT9N6gktBJ4J%2BChD2ZxbTnk%2BNne6%2FE90PKqZXBfFjlYhH4QWEBrmhGy4Izg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
316
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=113b5a615e60f437#ps=true&id=666&uid=CAESEIet9b1Wmxzp94HkuFMbBVU&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
/
s.0cf.io/ Frame 0FFF
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D61%26uid%3D%5BMM_UUID%5D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ff95c81694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bUUeHkKIypPgzGk9Jxjc42GLXOgOYGUxJffc9kjLXEyCkgkSyQxXL%2BTlclovZ0LlGu%2BwVIlQZWjIQj57qzaN%2BBluGwasDCVAnlrcn374WNCNqeWLbHPg4gIsfXbnh6CV0Dr5WGZs2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:47:41 GMT
Expires
Wed, 22 Nov 2023 15:47:40 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 1143 599e619 master cdg cdg-pixel-x27 config_version:"318"
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=61&uid=f9ef655e-229d-4e00-8dcf-6c575638c38d&gdpr=0&gdpr_consent=0
/
s.0cf.io/ Frame 3F2C
Redirect Chain
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffb5eed694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dssU1%2BdADA95aNqOkTf5QUdJQC7pihliUJ1%2F%2FISzaaVf8VbiPhs7%2Ffb75l4C1OAD4OCmuh44nqFnFVkYJoQBvEOcm8jL%2BIX1ChhzI4xJZA0XjBcc8Zkd9cK25GnwFSoWtptUA6tM8g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
154
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 15:47:41 GMT
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=88&uid=0000EEA
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
pragma
no-cache
server
Apache
strict-transport-security
max-age=86400 ; includeSubDomains max-age=604800
x-mnet-hl2
E
setuid
pbs.nextmillmedia.com/ Frame C469
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dappnexus%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fcookies.nextmillmedia.com%252Fsetuid%253Fbidder%253Dappnexus%2526nmuid%253D%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526u...
  • https://cookies.nextmillmedia.com/setuid?bidder=appnexus&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=3889965644092935638
  • https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=3889965644092935638
86 B
395 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=3889965644092935638
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=appnexus&uid=3889965644092935638
server
fasthttp
/
ssc-cms.33across.com/ps/ Frame D6F2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3D33across%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D33XUSERID33X&id=zzz000000000002zzz
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP009 /
Resource Hash

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:40 GMT
server
33XP009
x-33x-status
2000208
prebid
rtb.openx.net/sync/ Frame 2039 		43 B
236 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?gdpr=&gdpr_consent=&r=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dopenx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%24%7BUID%7D
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:41 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
usermatch
ssum-sec.casalemedia.com/ Frame 1E95
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=194648&gdpr=&gdpr_consent=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_pri...
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=19...
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
681975cda034fb2d0e68d7b56286fd4af9fb9586c561cb77f140633df6d7ea07

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a24ff90a0a190f-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qfn2DkbGIZ62yZdHLgBXIohDhBqu69HA8zPZUXo3SMYJXdvUE7gSLU3Gx8WD8WS2ZZ7s85Fu86zdhjGusGLHSjRepmW2HCfUjEq7KisIsRzryJu14cSMkUGdjdeKDCNYvNq9mfoJkN2Nsg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a24ff8b97b9b3a-FRA
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
location
/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=60Wwm1mPYOhIQG4MF0b1fKtlMeM%2FctGCC1BsyJB0tlwky%2BHWJp7QY%2FM6DM6MWwNtRznRiyxq7QOyGE8CjE149w7TvKblB9yjkW0U3KzB4GQkTUHorD%2FLr14dacUqDD%2FSqZDyqLlRkbqSZw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame C994
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=17888&endpoint=us-east&nmuid=
  • https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:47:41 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
location
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
server
AkamaiGHost
setuid
cookies.nextmillmedia.com/ Frame 8FD2
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=&us_privacy=&cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Damx%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D
  • https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.189.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-189-170.compute-1.amazonaws.com
Software
fasthttp /
Resource Hash

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
server
fasthttp

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:47:40 GMT
location
https://cookies.nextmillmedia.com/setuid?bidder=amx&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=
server
envoy
x-envoy-upstream-service-time
2
ImgSync
image8.pubmatic.com/AdServer/ Frame 5F70 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=157577&gdpr=&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dpubmatic%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%23PMUID
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 15:47:40 GMT
setuid
pbs.nextmillmedia.com/ Frame F6EE
Redirect Chain
  • https://csync.loopme.me/?pubid=11364&gdpr=&gdpr_consent=&redirect=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dloopme%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D%...
  • https://cookies.nextmillmedia.com/setuid?bidder=loopme&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=95e023af-01b6-40f5-95b4-d8d9ede38cd2&gdpr_consent=null&gdpr=null
  • https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=95e023af-01b6-40f5-95b4-d8d9ede38cd2
86 B
414 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=95e023af-01b6-40f5-95b4-d8d9ede38cd2
Requested by
Host: cookies.nextmillmedia.com
URL: https://cookies.nextmillmedia.com/sync?type=iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

Referer
https://cookies.nextmillmedia.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
86
content-type
image/png
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
pragma
no-cache
vary
Origin

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
location
https://pbs.nextmillmedia.com/setuid?bidder=loopme&uid=95e023af-01b6-40f5-95b4-d8d9ede38cd2
server
fasthttp
usersync
usersync.gumgum.com/ Frame AE5C
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dapn%26i%3D%24UID
  • https://usersync.gumgum.com/usersync?b=apn&i=3183561628214952645
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=3183561628214952645
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
an-x-request-uuid
f0da6fad-eb30-417f-8ea6-cabe7712fcc6
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=3183561628214952645
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame AE5C
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=
  • https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=002c4419-38d0-4db0-b604-753b9e449661
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=002c4419-38d0-4db0-b604-753b9e449661
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=550f529b-f592-4232-8dd2-aca67378bf2f&user_group=1&ssp=gumgum2&bsw_param=002c4419-38d0-4db0-b604-753b9e449661
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=550f529b-f592-4232-8dd2-aca67378bf2f&user_group=1&ssp=gumgum2&bsw_param=002c4419-38d0-4db0-b604-753b9e449661
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Server
18.195.61.190 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-61-190.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

location
//x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=550f529b-f592-4232-8dd2-aca67378bf2f&user_group=1&ssp=gumgum2&bsw_param=002c4419-38d0-4db0-b604-753b9e449661
date
Wed, 22 Nov 2023 15:47:42 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame AE5C
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://us-u.openx.net/w/1.0/cm?cc=1&_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 15:47:41 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame AE5C
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Date
Wed, 22 Nov 2023 15:47:41 GMT
Connection
keep-alive
Content-Length
128
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame AE5C 		43 B
426 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:bf9c:a4a:22aa:bd3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame AE5C
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=3c1e7e1e-d509-4f19-8bd6-0eda12b486f6
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=3c1e7e1e-d509-4f19-8bd6-0eda12b486f6
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=3c1e7e1e-d509-4f19-8bd6-0eda12b486f6
Date
Wed, 22 Nov 2023 15:47:42 GMT
Connection
keep-alive
X-CI-RTID
b88eb444-1a98-4544-a392-d0b91de10d24
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame AE5C 		0
44 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 Ashburn, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
content-length
0
server
b
usersync
usersync.gumgum.com/ Frame AE5C
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame AE5C
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=bnTgKkSqntyi&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=bnTgKkSqntyi&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=bnTgKkSqntyi&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
usersync
usersync.gumgum.com/ Frame AE5C
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
date
Wed, 22 Nov 2023 15:47:40 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame 4CD0
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame 1877 		170 B
243 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iNDgzYjIxOS0zZTAwLTRjZTEtOTVkNS0wMzU4MDg2NWE0ZDE=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 61C6 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.184.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-184-192.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=97675
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Thu, 23 Nov 2023 18:55:36 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 4991 		70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:41 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame 811B
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7l0AAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7l0AAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:47:42 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 15:47:42 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7l0AAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
3
X-SO-Cluster-ID
0
X-SO-HostName
a-ad40124.dc2p.scaleout.jp
X-SO-IP
217.114.218.19
X-SO-Key
ZV4insCo5tAAAJUi7l0AAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4insCo5tAAAJUi7l0AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"a-ad40124"}
X-SO-LB-Hostname
a-tgng40012.dc2p.scaleout.jp
X-SO-Upstream-ID
a-ad40124
usersync
usersync.gumgum.com/ Frame 7036
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://creativecdn.com/cm-notify?pi=gumgum&tc=1
  • https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum&tc=1
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum&tc=1
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:47:41 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT Wed, 22 Nov 2023 15:47:41 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum&tc=1
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame F362
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:47:41 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
/
s.0cf.io/ Frame 71DB 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ff8dbf9694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iT1pRwaO6M3ACFrM7si7cHwnB5hTgm3s3bkvOQzdJY2vhxH7cPqN7JYNL93fLAwrZJkZIFWUyrndyUHvACQYPHHg4W%2BsqlbAJ9KeBlWdqeS%2BwIErlqv5xr9uTn5q4WBcaL%2FkWovooA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
1
sync-eu.connectad.io/syncer/ Frame 13D1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: cdn.connectad.io
URL: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://cdn.connectad.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, private
cf-cache-status
DYNAMIC
cf-ray
82a24ff98b1b3608-FRA
date
Wed, 22 Nov 2023 15:47:41 GMT
server
cloudflare
usermatchredir
ssum-sec.casalemedia.com/ Frame 1E95
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZV4inQfoXk0y617BLTqixAAAFEwAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEKsGK5gU307OgSM-mxOTDOI&google_cver=1
43 B
730 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEKsGK5gU307OgSM-mxOTDOI&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VvaqgDMek8W3rmrEKs7JBGn5C4wN6eSDCnhRIyLofpr%2FU946Sduv2DjqZOCag100MfmbN1RpUTJOeMi6eJ4YQ92r5zl%2BZqwl2lZ1eSPcZXKZX3FwoYiB6j5Q7iefvyLNaYK7xKyKbbKDQw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a24ff9db00190f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEKsGK5gU307OgSM-mxOTDOI&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 1E95
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4inQfoXk0y617BLTqixAAAFEwAAAIB&gpp=&gpp_sid=
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4inQfoXk0y617BLTqixAAAFEwAAAIB&gpp=&gpp_sid=&dcc=t
43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4inQfoXk0y617BLTqixAAAFEwAAAIB&gpp=&gpp_sid=&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
7SMJ0RE0TBD59TFXCXS5
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
5HS4BCBX6J4C26GFEXCQ
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZV4inQfoXk0y617BLTqixAAAFEwAAAIB&gpp=&gpp_sid=&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame 1E95
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZV4inQfoXk0y617BLTqixAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIHWP-NSJr277JgADmG90d8&google_cver=1
43 B
729 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIHWP-NSJr277JgADmG90d8&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeCjnLKp423ehrfErpHm62xlg6Mch2RcgcX3lOTkBE36I0FvMy3SPzs%2B4HP0LkT4vwB9vPDQWRgNABrSjb5Ss4hckYQTFFQh4iJBiKzvMaTOD0t7I8iF8iRmGzvzYRYqblzYaEqV9bRL7A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a24ffaac0b190f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEIHWP-NSJr277JgADmG90d8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame 1E95 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
server
Kestrel
content-length
70
content-type
image/gif
rum
dsum-sec.casalemedia.com/ Frame 1E95
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=68
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=_A4x8fptXpVRj0abhccC4tly2hM
43 B
733 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=_A4x8fptXpVRj0abhccC4tly2hM
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H3
Server
172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYRHLf8ah4GyL%2Fi8LEYNsR9R8EYhTrHy6%2Bm8ps%2BlaeqdnUtLNS1S1pPKGaOBGFtp3FytkDbJjbsZV18DWTwMf9%2FgScIFNQ9qmRYSG2VoZXfisvzmUudoWRMiGIb2WIrfy0hwkTc5sgGQRw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a24ffa9bec190f-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=_A4x8fptXpVRj0abhccC4tly2hM
Date
Wed, 22 Nov 2023 15:47:41 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
crum
dsum-sec.casalemedia.com/ Frame 1E95
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4inQfoXk0y617BLTqixAAA%265196
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4inQfoXk0y617BLTqixAAA%265196
43 B
473 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4inQfoXk0y617BLTqixAAA%265196
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlTNo9zR7fZ47NM2kSbsbgTSRhNjJoUuMXGqt7yXCmyu1SJgoMAMrIWa4ziLFhj04ysGyIpbqcck86DPQ9Ah1fZYT7ZVeHmUeURtKOTmsCeZX29%2BMQUPbPxmzzc5m3sXgTif0mCCGrOoag%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a24ff9fb329b3a-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=133&external_user_id=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=index&gpdr=&gdpr_consent=&us_privacy=&user_id=ZV4inQfoXk0y617BLTqixAAA%265196
pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT, Wed, 22 Nov 2023 15:47:41 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
usersync.aspx
dis.criteo.com/dis/ Frame 1E95
Redirect Chain
  • https://i.liadm.com/s/31327?bidder_id=14481&bidder_uuid=ZV4inQfoXk0y617BLTqixAAA%265196&gpdr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
  • https://i.liadm.com/s/31327?gdpr_consent=&bidder_id=14481&gpp=&bidder_uuid=ZV4inQfoXk0y617BLTqixAAA%265196&_li_chk=true&gpp_sid=&us_privacy=&gpdr=&previous_uuid=3ece3bcf175d474da61da8fbb1899614
  • https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
43 B
363 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
178.250.1.9 -, , ASN (),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
211857
expires
Wed, 22 Nov 2023 00:00:00 GMT

Redirect headers

Location
https://dis.criteo.com/dis/usersync.aspx?r=77&p=311&cp=liveintent&cu=1&url=https://i.liadm.com/s/28292?bidder_id%3D71340%26bidder_uuid%3D@@CRITEO_USERID@@
Date
Wed, 22 Nov 2023 15:47:42 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Connection
keep-alive
Content-Length
0
Request-Time
4
crum
dsum.casalemedia.com/ Frame 1E95
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=939b6fc8-9345-5019-380f7288
43 B
538 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=939b6fc8-9345-5019-380f7288
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
104.18.36.155 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:42 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uln2LgYkvng%2FbimkbxrSbuC4SMiA6biAM4qTupRoSxwAmQX4c%2FP7Cya%2FatMikdxgEPDMO%2FOfyFUyGnWv1nE5o6QGMU3WZNynsbvsIfYrPXkqH1nYK0K3K6lWcsboWipFuOKtC8YI"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
82a24ffc3d8f9b3a-FRA
alt-svc
h3=":443"; ma=86400
content-length
43
expires
0

Redirect headers

date
Wed, 22 Nov 2023 15:47:42 GMT
via
1.1 google
server
nginx/1.24.0
p3p
CP='This is not a P3P policy!'
access-control-allow-origin
*
location
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=939b6fc8-9345-5019-380f7288
content-type
text/html; charset=utf-8
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
119
setuid
pbs.nextmillmedia.com/ Frame 1E95
Redirect Chain
  • https://cookies.nextmillmedia.com/setuid?bidder=ix&nmuid=&gdpr=&gdpr_consent=&us_privacy=&uid=ZV4inQfoXk0y617BLTqixAAA%265196
  • https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4inQfoXk0y617BLTqixAAA&5196
0
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4inQfoXk0y617BLTqixAAA&5196
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fcookies.nextmillmedia.com%2Fsetuid%3Fbidder%3Dix%26nmuid%3D%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26uid%3D&gdpr=&gdpr_consent=&s=194648&us_privacy=&C=1
Protocol
H2
Server
44.196.232.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-196-232-111.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-type
text/html
pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
vary
Origin
expires
0

Redirect headers

location
https://pbs.nextmillmedia.com/setuid?bidder=ix&uid=ZV4inQfoXk0y617BLTqixAAA&5196
date
Wed, 22 Nov 2023 15:47:41 GMT
server
fasthttp
content-length
0
usync.js
eus.rubiconproject.com/ Frame C994 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=17888&endpoint=us-east&nmuid=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28149
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:50 GMT
khaos.json
token.rubiconproject.com/ Frame 46F9 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
7d6e3b6fefbbeb4d018118d74243a2fc
Expires
0
usync.js
eus.rubiconproject.com/ Frame F362 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:41 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28149
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:50 GMT
getuidj
ib.adnxs.com/ Frame 876B
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/getuidj
29 B
702 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
df9c012e31d1f40f00f1ef9d49bd50ef4c94813df00204e0d31de513b17a4db5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
an-x-request-uuid
6c7fca57-d12e-4b82-aea5-d2cf8347bb7a
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
an-x-request-uuid
3b103ba3-b0f8-4680-a9c9-e473b9fcbba4
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
/
s.0cf.io/ Frame F8D8
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D76%26uid%3D%24UID
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffa9e44694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ieyKKW0Jlo7YEC%2FKDjI6BWKhzLFnZ16SYD0FYKVJJxFGLQ%2FzP52TVdLeyym5UK%2FmoXb9UnC65cwAoidvNLmU08c2Iu%2FEHMWc5lRyG0iblo6PaQ5%2BpCflRV8Pw9H6NKu%2BAmvoFsgBjw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=76&uid=4244436613735121705761
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
getuids
prebid-server.rubiconproject.com/ Frame 876B 		44 B
348 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
96463f77aae101d34cef570d1a40570d926482af4fc461cf03cb3ba54bd19fd8

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
70
Expires
0
rid
match.adsrvr.org/track/ Frame 876B 		63 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
09a45732f771315394b0d99b7dc3416b488a1a0a817f1fbb73666d78730730e4

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 15:47:41 GMT
connectmyusers.php
cdn.connectad.io/ Frame 6D0D 		1 KB
715 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2383
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a24ffa1bbf3608-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:47:41 GMT
last-modified
Wed, 22 Nov 2023 15:07:58 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame E1DB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame 5372 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
df48345539e333db055ca41300a49ed21f251a7874fe41915acacdccefa8da5c

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 15:47:41 GMT
etag
W/"0df9f63652156d8cc3efddf7ad805b2b7"
server
nginx
timing-allow-origin
*
/
s.0cf.io/ Frame 0E15
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D74%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffade83694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gsyjsz4nMdIeoEbo8GkAS5TDrSIrKkRXYLWC9ZIh0Il2h2uQ4WbFQO7nhJHPSG55PulfORNETnp8rmTUuC70A2RUypiK4NrZOIj1NmYB8gvzu%2FPRnTvK7obEF5RBeI6%2FwkhGDfrzEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
82a24ffa2b71190f-FRA
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
0
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=74&uid=ZV4inQfoXk0y617BLTqixAAA%265196
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxjDs0A4mt4elNuXwzUsEYcvb5YbYCsAQzjenrCo4FIl0V5dEOCERzdZYsOJjw4cNol8tX9eFDhRhHU410R4rZLHckI5MpHXmcO1wKgNOT%2BNGq5c%2FoGkzyW6%2FjX1i1PtypgTRpqv"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
prebid
rtb.openx.net/sync/ Frame 8155 		43 B
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:41 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame 394A 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
14.14.251.63.unassigned.ord.singlehop.net
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 15:47:41 GMT
X-Sovrn-Pod
ad_ap1sea1
us.gif
sync.go.sonobi.com/ Frame 52A4 		49 B
444 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.66 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-177
x-xss-protection
0
/
s.0cf.io/ Frame C25D
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://ad.turn.com/r/cs?pid=45&rndcb=3958963466
  • https://sync.1rx.io/usersync/turn/3694952109071410381?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3DRX-77da2f61-8784-416...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5118
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffe29fb694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Wed, 22 Nov 2023 16:17:42 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZD8DnRrwZZqcM2V2g%2BKYoHrLehWJ%2B4BGG49pw22AHFmhxEMoumrbaoEoQmDcaxzls8lXCxgmdUoa8EvP1R9%2FPw0ONsooPi4XYGgx%2BwAXfAIZhDMigmhK%2FjFmtBw766BWX2gNamIMzw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
etag
RX77da2f618784416f81f2f1506b9bcc7c003
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=22&uid=RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
occ
ups.analytics.yahoo.com/ups/58448/ Frame F96D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=113b5a615e60f43777%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 15:47:41 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
/
s.0cf.io/ Frame 896B
Redirect Chain
  • https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D81%26uid%3D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffb4ee2694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=27UNsLa1%2FO6jziBEADJvcuGTX5%2FQBXtDhzyoUsSOTmJMa9W3lFiJIv1HbUB7v8hjUvIttjoE4vGFcihDopUZySd0BQagdZFCsxRjRRFUP%2FORDhE7JSP6uIJex7YYuzRytHyUXK5o8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, private, must-revalidate
content-length
0
date
Wed, 22 Nov 2023 15:47:40 GMT
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=81&uid=?gdpr=0&gdpr_consent=0
server
envoy
x-envoy-upstream-service-time
1
/
onetag-sys.com/usync/ Frame 0F6E 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame 876B 		9 B
290 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.251.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-251-103.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame 1B87 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP010 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
server
33XP010
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame 323D 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 15:47:40 GMT
/
s.0cf.io/ Frame C130
Redirect Chain
  • https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D21%26uid%3D%25%25VGUID%25%25
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffb4ee8694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=asQjnZULJ0uKPv3IltNAp12JupJfBr5DkHgZAP9Hl%2BjIFXg5YzSoZynn2fcvbe%2F24DcmtNy4NJ3h7cNRDoDdgLr4pJE8KAxuLLMRsdF2dKRKBk0iobCaeoguk2oSv5VTILLIJJdIaw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
de-DE
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=21&uid=U0BEt3ubADU4&ev=1&pid=561205
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
v1
match.sharethrough.com/universal/ Frame E625 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.51.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-51-148.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
/
s.0cf.io/ Frame 3E6C
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D82%26uid%3D%5Bssb_...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffb4eea694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6y0se4qD3QDCsTSJo2a45CXAxEqdDuqhdP3ONGu6bYacBFUtsI71epAgNVvf%2BYK6ZX6BF6G81CMxBgQxGhFLkKbRKNbW8uS5LqQ15eiqq6IFrEZA%2FN9Ziu03cIg90LxDI58ahxXFg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=82&uid=4755932680271221536
/
s.0cf.io/ps/ Frame 7DC4
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=113b5a615e60f437&dbid=113b5a615e60f437
  • https://s.0cf.io/ps/?dbid=113b5a615e60f437
2 B
488 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=113b5a615e60f437
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffb9f3c694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Wed, 22 Nov 2023 16:17:42 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FFMo5WEVpIND5re%2FDX9ovCFQz4Heaf6xXnJlPGh%2BQw0Ozi8Sc0UiAWIW8NpVwtMi9cHSObaX2SKXEaBwUYUtb2FbqTFFbDRjCnHihUlMKCArB24x4srftngQJxkN0iX2SG8KgHqJJA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
316
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=113b5a615e60f437#ps=true&id=666&uid=CAESEIet9b1Wmxzp94HkuFMbBVU&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
/
s.0cf.io/ Frame 0673
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D61%26uid%3D%5BMM_UUID%5D
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffb5ef0694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TzoTGJr0cM6voIrNDapab8Ij4Zc8dioJ1w3juL6M%2FqGi4Y1XVIAp8eDvlnMajOAODTIGZUIFGSexWzWCecSecKbLg%2BLqrcxul55QJZXTpHKalAW%2BOwxtXiXJ69zuEClRuz%2FsFg4aVw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:47:41 GMT
Expires
Wed, 22 Nov 2023 15:47:40 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 1143 599e619 master cdg cdg-pixel-x34 config_version:"318"
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=61&uid=f9ef655e-229d-4e00-8dcf-6c575638c38d&gdpr=0&gdpr_consent=0
/
s.0cf.io/ Frame 6A58
Redirect Chain
  • https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3...
  • https://s.0cf.io/
38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5118
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffd4903694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Wed, 22 Nov 2023 16:17:42 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z3772scK1i3OgivI50rppz2NOF4m5Vb%2BGsmbI81uQt7ERimSrLSW15jWtUZiBbfDHeqEvlj6eDB6r%2BxMHqaPhUDDYLwBjmr4qCtzEMeZz4f6NpMo2MMF8KoypUGM1thvnd0okCrg2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
154
content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Wed, 22 Nov 2023 15:47:42 GMT
location
https://s.0cf.io/#ps=true&dbid=113b5a615e60f437&id=88&uid=0000EEA
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
pragma
no-cache
server
Apache
strict-transport-security
max-age=86400 ; includeSubDomains max-age=604800
x-mnet-hl2
E
PugMaster
image6.pubmatic.com/AdServer/ Frame 61C6 		0
42 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=96266154&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:42 GMT
content-length
0
usersync
usersync.gumgum.com/ Frame 5372
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=3889965644092935638
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=3889965644092935638
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
an-x-request-uuid
3770d076-f372-428f-9d91-cbf5d5a677b2
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=3889965644092935638
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame 5372
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=
  • https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2
  • https://x.bidswitch.net/sync?dsp_id=70&user_id=8632191893802332344&ssp=gumgum2
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=70&user_id=8632191893802332344&ssp=gumgum2
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Server
18.195.61.190 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-61-190.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age
86400
access-control-allow-methods
GET
location
https://x.bidswitch.net/sync?dsp_id=70&user_id=8632191893802332344&ssp=gumgum2
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
usersync
usersync.gumgum.com/ Frame 5372
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:41 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 15:47:41 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame 5372
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Date
Wed, 22 Nov 2023 15:47:42 GMT
Connection
keep-alive
Content-Length
128
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 5372 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:bf9c:a4a:22aa:bd3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame 5372
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=90c03a72-5f39-4b13-be55-0bc97af63175
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=90c03a72-5f39-4b13-be55-0bc97af63175
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=90c03a72-5f39-4b13-be55-0bc97af63175
Date
Wed, 22 Nov 2023 15:47:42 GMT
Connection
keep-alive
X-CI-RTID
f1f6b980-acd4-4479-8b98-eb10fc2f4df5
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame 5372 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 Ashburn, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
content-length
0
server
b
usersync
usersync.gumgum.com/ Frame 5372
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame 5372
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=apUIM5il8Vwd&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=apUIM5il8Vwd&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=apUIM5il8Vwd&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
usersync
usersync.gumgum.com/ Frame 5372
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
date
Wed, 22 Nov 2023 15:47:41 GMT
content-length
0
usersync
rtb.gumgum.com/ Frame F81A
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame 85CE 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iNDgzYjIxOS0zZTAwLTRjZTEtOTVkNS0wMzU4MDg2NWE0ZDE=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 9A1A 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.184.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-184-192.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=97675
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Thu, 23 Nov 2023 18:55:36 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 7893 		70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:41 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame 18D7
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5sAAAOAZaUkAAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5sAAAOAZaUkAAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:47:42 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 15:47:42 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5sAAAOAZaUkAAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
1
X-SO-Cluster-ID
0
X-SO-HostName
m-ad252.dc4p.scaleout.jp
X-SO-IP
217.114.218.19
X-SO-Key
ZV4insCo5sAAAOAZaUkAAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4insCo5sAAAOAZaUkAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad252"}
X-SO-LB-Hostname
a-tgng40002.dc2p.scaleout.jp
X-SO-Upstream-ID
m-ad252
usersync
usersync.gumgum.com/ Frame E5B2
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:47:42 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT Wed, 22 Nov 2023 15:47:41 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame B183
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:47:42 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 15:47:41 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
/
s.0cf.io/ Frame 4EA3 		38 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
5117
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffb4ee4694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:41 GMT
expires
Wed, 22 Nov 2023 16:17:41 GMT
last-modified
Tue, 05 Sep 2023 18:57:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5TnMezaH08nMwrttF7CIJVQjAIBxrnmd9z%2FLqpI8enigPeJwWnzROGFNuYX594s5nXI5dqLppoSuHSf9gOneGsQ0Og1x3%2FYlPrmz0NOOU016ad319mXSpkzD%2BrFkQIcLtAxcdXJI5g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
usync.js
eus.rubiconproject.com/ Frame B183 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:42 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28148
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:50 GMT
getuidj
ib.adnxs.com/ Frame 896B
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
  • https://ib.adnxs.com/getuidj
29 B
701 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Protocol
H2
Server
185.89.210.82 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
df9c012e31d1f40f00f1ef9d49bd50ef4c94813df00204e0d31de513b17a4db5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s.0cf.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:42 GMT
an-x-request-uuid
0d963e20-38fe-4ce0-b092-70c6b1a468ca
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
application/json; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
29
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:42 GMT
an-x-request-uuid
aa145d91-4893-440b-a909-00960bf906f8
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
https://s.0cf.io
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://ib.adnxs.com/getuidj
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
getuid
eb2.3lift.com/ Frame 0F77 		0
0
getuids
prebid-server.rubiconproject.com/ Frame 896B 		44 B
348 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/getuids
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.173.144.137 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
96463f77aae101d34cef570d1a40570d926482af4fc461cf03cb3ba54bd19fd8

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
content-encoding
gzip
Content-Type
application/json;charset=utf-8
access-control-allow-origin
https://s.0cf.io
Cache-Control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
70
Expires
0
rid
match.adsrvr.org/track/ Frame 896B 		63 B
416 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=prebid&fmt=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
0cbd9525629e32a57ab8339f37b8b5ec19a170668b53e3863fa6adb0d75b6fe5

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:42 GMT
content-encoding
gzip
server
Kestrel
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://s.0cf.io
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
expires
Fri, 22 Dec 2023 15:47:42 GMT
connectmyusers.php
cdn.connectad.io/ Frame 05DE 		1 KB
867 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1761
alt-svc
h3=":443"; ma=86400
cache-control
max-age=3600
cf-cache-status
HIT
cf-ray
82a24ffc5fdf37f2-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 22 Nov 2023 15:47:42 GMT
last-modified
Wed, 22 Nov 2023 15:18:21 GMT
server
cloudflare
vary
Accept-Encoding
current
prebid-match.dotomi.com/match/bounce/ Frame D18F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D10%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2010 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, private, max-age=0, no-store
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
0
pragma
no-cache
server
nginx
prbds2s
rtb.gumgum.com/usync/ Frame C565 		3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
df48345539e333db055ca41300a49ed21f251a7874fe41915acacdccefa8da5c

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Wed, 22 Nov 2023 15:47:42 GMT
etag
W/"0df9f63652156d8cc3efddf7ad805b2b7"
server
nginx
timing-allow-origin
*
usermatchredir
ssum.casalemedia.com/ Frame 61AD 		0
0
prebid
rtb.openx.net/sync/ Frame 1AB1 		43 B
58 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D19%26uid%3D%24%7BUID%7D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0, no-cache, must-revalidate
content-length
43
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:42 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
pragma
no-cache
via
1.1 google
pixel
ap.lijit.com/ Frame 76E8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D25%26uid%3D%24UID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.14.14 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS
14.14.251.63.unassigned.ord.singlehop.net
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Date
Wed, 22 Nov 2023 15:47:42 GMT
X-Sovrn-Pod
ad_ap1sea1
us.gif
sync.go.sonobi.com/ Frame 9447 		49 B
368 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D26%26uid%3D%5BUID%5D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.66 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, private
content-length
49
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma
no-cache
server
sonobi-go
tcn
Choice
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-6-177
x-xss-protection
0
RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003
sync.targeting.unrulymedia.com/csync/ Frame 67B7
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D22%26uid%3D%5BRX_UUID%5D
  • https://ad.turn.com/r/cs?pid=45&rndcb=5538215840
  • https://sync.1rx.io/usersync/turn/3694952109071410381?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003
43 B
377 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software
/
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
43
date
Wed, 22 Nov 2023 15:47:42 GMT
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
0
location
https://sync.targeting.unrulymedia.com/csync/RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003
pragma
no-cache
occ
ups.analytics.yahoo.com/ups/58448/ Frame E183 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ups.analytics.yahoo.com/ups/58448/occ?uid=113b5a615e60f43777%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-71-149-231.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.87 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
0
date
Wed, 22 Nov 2023 15:47:42 GMT
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.87
strict-transport-security
max-age=31536000
0
prebid.a-mo.net/cchain/ Frame 2314 		0
0
/
onetag-sys.com/usync/ Frame A8F7 		0
94 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip252.ip-51-89-9.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-store
content-length
0
strict-transport-security
max-age=15552000
getsync
ads.servenobid.com/ Frame 896B 		9 B
290 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ads.servenobid.com/getsync?tek=pbs&ver=1&gdpr=0&gdpr_consent=0&us_privacy=0&format=json
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.251.103 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-251-103.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a

Request headers

Referer
https://s.0cf.io/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
content-type
text/plain

Response headers

date
Wed, 22 Nov 2023 15:47:42 GMT
amp-access-control-allow-source-origin
*
content-type
text/plain;charset=ISO-8859-1
access-control-allow-origin
https://s.0cf.io
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
9
/
ssc-cms.33across.com/ps/ Frame B7C6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D1%26uid%3D33XUSERID33X
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-105.static.steadfastdns.net
Software
33XP017 /
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
server
33XP017
x-33x-status
2000208
ImgSync
image8.pubmatic.com/AdServer/ Frame 601C 		0
39 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=162168&gdpr=0&gdpr_consent=0&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D162168%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fs.0cf.io%252F%2523ps%253Dtrue%2526id%253D20%2526uid%253D%2523PMUID
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.64.190.79 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
0
date
Wed, 22 Nov 2023 15:47:42 GMT
rtset
bh.contextweb.com/ Frame B606 		0
0
v1
match.sharethrough.com/universal/ Frame 3BDC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/universal/v1?supply_id=Uj448boa
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.51.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-51-148.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Wed, 22 Nov 2023 15:47:42 GMT
sync
ssbsync-global.smartadserver.com/api/ Frame D02E 		0
0
/
s.0cf.io/ps/ Frame A1A1
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=113b5a615e60f437&dbid=113b5a615e60f437
  • https://s.0cf.io/ps/?dbid=113b5a615e60f437
2 B
490 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.0cf.io/ps/?dbid=113b5a615e60f437
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e2::ac40:8e15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1
alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=1800
cf-cache-status
HIT
cf-ray
82a24ffcc85d694c-FRA
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Wed, 22 Nov 2023 16:17:42 GMT
last-modified
Mon, 04 Oct 2021 18:28:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CcwP2BewSUMNHsHrqBT1BjaZAYTJctIp77%2FXHZsjfvc4hf%2BMIt0Ei6bI1DtrsLFT56FpO6Wv2cMdrzQxANjCiTi1lboUhdNH7%2F4%2BU0Cjjv%2B7DwJTAvzxOhybcAClI6toCMVcNU6BHA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
316
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
location
https://s.0cf.io/ps/?dbid=113b5a615e60f437#ps=true&id=666&uid=CAESEIet9b1Wmxzp94HkuFMbBVU&cver=1&error=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
img
sync.mathtag.com/sync/ Frame 79AE 		0
0
cksync.php
hbx.media.net/ Frame B4DA 		0
0
usersync
usersync.gumgum.com/ Frame C565
Redirect Chain
  • https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
  • https://usersync.gumgum.com/usersync?b=apn&i=3889965644092935638
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=apn&i=3889965644092935638
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:42 GMT
an-x-request-uuid
aa7ab869-66b8-497b-ab7e-5909512f1d1f
server
nginx/1.21.3
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, private
access-control-allow-credentials
true
location
https://usersync.gumgum.com/usersync?b=apn&i=3889965644092935638
x-proxy-origin
217.114.218.19; 217.114.218.19; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length
0
x-xss-protection
0
expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
x.bidswitch.net/ Frame C565
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=002c4419-38d0-4db0-b604-753b9e449661
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=550f529b-f592-4232-8dd2-aca67378bf2f&user_group=1&ssp=gumgum2&bsw_param=002c4419-38d0-4db0-b604-753b9e449661
43 B
145 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=550f529b-f592-4232-8dd2-aca67378bf2f&user_group=1&ssp=gumgum2&bsw_param=002c4419-38d0-4db0-b604-753b9e449661
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Server
18.195.61.190 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-61-190.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:42 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif

Redirect headers

location
//x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=550f529b-f592-4232-8dd2-aca67378bf2f&user_group=1&ssp=gumgum2&bsw_param=002c4419-38d0-4db0-b604-753b9e449661
date
Wed, 22 Nov 2023 15:47:42 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame C565
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
  • https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

date
Wed, 22 Nov 2023 15:47:42 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://usersync.gumgum.com/usersync?b=opx&i=35a64af9-fc42-423d-bd2b-081071be8113&gdpr=0&gdpr_consent=0
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
usersync
usersync.gumgum.com/ Frame C565
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=sta&i=0-fc0e31f1-fa6d-5e95-518f-469b85c702e2$ip$217.114.218.19
Date
Wed, 22 Nov 2023 15:47:42 GMT
Connection
keep-alive
Content-Length
128
Content-Type
text/html; charset=utf-8
gumgum
pr-bh.ybp.yahoo.com/sync/ Frame C565 		43 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3601:bf9c:a4a:22aa:bd3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:42 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
usersync
usersync.gumgum.com/ Frame C565
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersyn...
  • https://usersync.gumgum.com/usersync?b=vnt&i=4eb16b75-6a79-4990-808d-c4f79376c656
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=vnt&i=4eb16b75-6a79-4990-808d-c4f79376c656
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=vnt&i=4eb16b75-6a79-4990-808d-c4f79376c656
Date
Wed, 22 Nov 2023 15:47:42 GMT
Connection
keep-alive
X-CI-RTID
6dc64077-c6c4-47a8-bdf5-a1074fd48379
Content-Length
108
Content-Type
text/html; charset=utf-8
142
match.deepintent.com/usersync/ Frame C565 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 Ashburn, United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 15:47:41 GMT
content-length
0
server
b
usersync
usersync.gumgum.com/ Frame C565
Redirect Chain
  • https://b1sync.zemanta.com/usersync/gumgum/?puid=e_b483b219-3e00-4ce1-95d5-03580865a4d1&gdpr=0&gdpr_consent=0&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__
  • https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

Location
https://usersync.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
102
Content-Type
text/html; charset=utf-8
usersync
usersync.gumgum.com/ Frame C565
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
  • https://usersync.gumgum.com/usersync?b=pln&i=fpfDnCGJA9N5&ev=1&pid=558355
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=pln&i=fpfDnCGJA9N5&ev=1&pid=558355
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
de-DE
location
https://usersync.gumgum.com/usersync?b=pln&i=fpfDnCGJA9N5&ev=1&pid=558355
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6b57df6cd5-ltsqv
expires
-1
usersync
usersync.gumgum.com/ Frame C565
Redirect Chain
  • https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=0
  • https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
35 B
250 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rtb.gumgum.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Date
Wed, 22 Nov 2023 15:47:42 GMT
Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Expires
0

Redirect headers

location
https://usersync.gumgum.com/usersync?b=sad&i=4755932680271221536
date
Wed, 22 Nov 2023 15:47:41 GMT
content-length
0
1
sync-eu.connectad.io/syncer/ Frame 24E0 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Requested by
Host: cdn.connectad.io
URL: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A//prebid.adnxs.com/pbs/v1/setuid%3Fbidder%3Dconnectad%26gdpr%3D%0%26gdpr_consent%3D0%26uid%3D86%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:10::6816:37ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://cdn.connectad.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, private
cf-cache-status
DYNAMIC
cf-ray
82a24ffcc86e37f2-FRA
date
Wed, 22 Nov 2023 15:47:42 GMT
server
cloudflare
usersync
rtb.gumgum.com/ Frame 62C1
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=0
  • https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
35 B
208 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.229.145 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-229-145.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, no-store, must-revalidate, max-age=0
content-length
35
content-type
image/gif;charset=UTF-8
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
0
pragma
no-cache
server
nginx
timing-allow-origin
*

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
-1
location
https://rtb.gumgum.com/usersync?b=adf&i=8632191893802332344&gdpr=0&gdpr_consent=0
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
pixel
cm.g.doubleclick.net/ Frame C970 		170 B
188 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iNDgzYjIxOS0zZTAwLTRjZTEtOTVkNS0wMzU4MDg2NWE0ZDE=&gdpr=0&gdpr_consent=0&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
170
content-type
image/png
cross-origin-resource-policy
cross-origin
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
HTTP server (unknown)
x-xss-protection
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 858D 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.32.184.192 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-32-184-192.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=97674
content-encoding
gzip
content-length
5622
content-type
text/html
date
Wed, 22 Nov 2023 15:47:42 GMT
expires
Thu, 23 Nov 2023 18:55:36 GMT
last-modified
Thu, 16 Nov 2023 09:11:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 6CB2 		70 B
148 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-length
70
content-type
image/gif
date
Wed, 22 Nov 2023 15:47:42 GMT
server
Kestrel
usersync
usersync.gumgum.com/ Frame BD5C
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=gumgum
  • https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7p4AAAAA
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7p4AAAAA
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:47:42 GMT
Expires
0
Pragma
no-cache

Redirect headers

Cache-Control
private
Connection
keep-alive
Content-Length
0
Date
Wed, 22 Nov 2023 15:47:42 GMT
Location
https://usersync.gumgum.com/usersync?b=sus&i=ZV4insCo5tAAAJUi7p4AAAAA
P3P
CP="See also http://www.scaleout.jp/privacy/"
Server
nginx
X-SO-Ads-Time
1
X-SO-Cluster-ID
0
X-SO-HostName
m-ad432.dc4p.scaleout.jp
X-SO-IP
217.114.218.19
X-SO-Key
ZV4insCo5tAAAJUi7p4AAAAA
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":0,"gdpr":true,"ipv4":"0.0.0.0","key":"ZV4insCo5tAAAJUi7p4AAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad432"}
X-SO-LB-Hostname
a-tgng40012.dc2p.scaleout.jp
X-SO-Upstream-ID
m-ad432
usersync
usersync.gumgum.com/ Frame FD04
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=gumgum
  • https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
35 B
250 B 		Document
General
Check archive.org
Download Go to
Full URL
https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
35
Content-Type
image/gif
Date
Wed, 22 Nov 2023 15:47:42 GMT
Expires
0
Pragma
no-cache

Redirect headers

cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
date
Wed, 22 Nov 2023 15:47:42 GMT Wed, 22 Nov 2023 15:47:42 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://usersync.gumgum.com/usersync?b=rth&i=l9nO1ZCAn4M_M-eTmv-yWdKm52Ii33-nv-PuNsUWIwg&pi=gumgum
pragma
no-cache
usync.html
eus.rubiconproject.com/ Frame 9B67
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
  • https://eus.rubiconproject.com/usync.html?p=gumgum
281 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by
Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D15%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://rtb.gumgum.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 22 Nov 2023 15:47:42 GMT
ETag
"280525-119-60930cbd3cec0"
Last-Modified
Thu, 02 Nov 2023 19:57:23 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Wed, 22 Nov 2023 15:47:42 GMT
location
https://eus.rubiconproject.com/usync.html?p=gumgum
server
AkamaiGHost
usync.js
eus.rubiconproject.com/ Frame 9B67 		46 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.149.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-149-233.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 15:47:42 GMT
Content-Encoding
gzip
Last-Modified
Tue, 21 Nov 2023 23:36:50 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=28148
Connection
keep-alive
Content-Length
13230
Expires
Wed, 22 Nov 2023 23:36:50 GMT
khaos.json
token.rubiconproject.com/ Frame C994 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
7d6e3b6fefbbeb4d018118d74243a2fc
Expires
0
khaos.json
token.rubiconproject.com/ Frame F362 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
7d6e3b6fefbbeb4d018118d74243a2fc
Expires
0
khaos.json
token.rubiconproject.com/ Frame B183 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
7d6e3b6fefbbeb4d018118d74243a2fc
Expires
0
khaos.json
token.rubiconproject.com/ Frame 9B67 		7 B
380 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://token.rubiconproject.com/khaos.json?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://eus.rubiconproject.com
Cache-Control
no-cache,no-store,must-revalidate
access-control-allow-credentials
true
content-length
7
X-RPHost
7d6e3b6fefbbeb4d018118d74243a2fc
Expires
0
collect
region1.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-PNTYD12RWN&gtm=45je3b81v879042239&_p=1700668056573&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=10001&cid=1357598203.1700668057&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=3&dl=https%3A%2F%2Fheroinvesting.com%2Fbusiness%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&dr=https%3A%2F%2Fheroinvesting.com%2Fentertainment%2Fbig-brands-hidden-behind-costco-kirkland%2F%3Futm_source%3Dob%26utm_medium%3Dcpc%26utm_campaign%3Dhi_cos_6-01_an_c_3%26utm_term%3D0061df1e37acfb75f995365418e6af2098%26extid%3Dv4-4EyY2w7-1079981226%26dicbo%3Dv4-4EyY2w7-1079981226&sid=1700668056&sct=1&seg=1&dt=Big%20Brands%20Hidden%20Behind%20Costco%20Kirkland&en=page_view&_et=1001&tfd=7110
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-PNTYD12RWN&l=dataLayer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://heroinvesting.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 22 Nov 2023 15:47:43 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://heroinvesting.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
dblksync.dblks.net/dblksync/ Frame D827 		20 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dblksync.dblks.net/dblksync/
Requested by
Host: s.0cf.io
URL: https://s.0cf.io/?gdpr=0&gdprConsent=&bidid=312110843-816072-11953-2&id=113b5a615e60f437&uid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e2::ac40:861f -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326

Request headers

Referer
https://s.0cf.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
age
3607
alt-svc
h3=":443"; ma=86400
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
82a250049c411c94-AMS
content-encoding
br
content-type
text/html
date
Wed, 22 Nov 2023 15:47:43 GMT
last-modified
Tue, 14 Nov 2023 18:39:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mouu5gtb07GtY0LTccBzgIhNvZpn4dcHAWgWIG8J9ijrwyG2CdniZauvUvFseVyuycs34mIcouiU7rV8Qthq92qKtXIIa%2F4WRaUptvffDo7vo5nqiDO9Q05Z2n%2FtpF5mc9xuOVnifrEBfz0E1VE%2Flgk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
exchange.kueezrtb.com
URL
https://exchange.kueezrtb.com/prebid/multi/641ab9f7284b9911720b9b75
Domain
eb2.3lift.com
URL
https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D76%26uid%3D%24UID
Domain
ssum.casalemedia.com
URL
https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D74%26uid%3D
Domain
prebid.a-mo.net
URL
https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D81%26uid%3D
Domain
bh.contextweb.com
URL
https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D21%26uid%3D%25%25VGUID%25%25
Domain
ssbsync-global.smartadserver.com
URL
https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D82%26uid%3D%5Bssb_sync_pid%5D
Domain
sync.mathtag.com
URL
https://sync.mathtag.com/sync/img?mt_exid=75&gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D61%26uid%3D%5BMM_UUID%5D
Domain
hbx.media.net
URL
https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=0&us_privacy=0&redirect=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3D113b5a615e60f437%26id%3D88%26uid%3D%3Cvsid%3E

Verdicts & Comments Add Verdict or Comment

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| documentPictureInPicture function| getUrlParameter function| chooseSplitTests function| loadScript object| properSpecialOps string| utm_source undefined| fbCode function| obApi object| __NUXT__ function| tryLoadAssertive function| tryLoadProper object| splitTests object| webpackJsonp object| __core-js_shared__ object| core object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| scr number| now object| node function| apiObj object| v_0x5e13 function| v_0x3fb3 object| __vdzworkers__ object| _vdzwgt_ object| dataLayer function| gtag object| assertiveQueue object| $nuxt object| ayManagerEnv function| a0Y function| a0t function| a0j object| googletag object| adsbygoogle object| pbjs object| pbjsl string| aYZcOSkshq object| vdzCmp object| AdGarden object| vdzTcf object| google_tag_manager object| google_tag_data object| apstag function| onYouTubeIframeAPIReady object| gaGlobal function| onVidazooCallback object| _aps boolean| apstagLOADED object| GooglebQhCsO object| ggeac object| google_js_reporting_queue object| pbjsChunk object| _pbjsGlobals object| ADAGIO object| mnet function| UAParser object| apscustom object| D9v object| D9r object| confiant object| biddersCPMAdjustment object| assertive undefined| google_measure_js_timing boolean| _assertiveInitialized object| ntv object| _taboola object| OBREvents string| send object| d9PendingXDR object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| NWMyNTNhZjg1YmVhNTQ0ZGxvYWRlcl9qcw== string| NWMyNTNhZjg1YmVhNTQ0ZGNhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| nmmRefreshCounts object| sas object| apntag object| _ADAGIO

66 Cookies

Domain/Path Name / Value
pbs.nextmillmedia.com/openrtb2 Name: nmm-ss-cps-usr
Value: 1
pbs.nextmillmedia.com/openrtb2 Name: nmm-ss-cps-usr-exp
Value: "2023-11-23 15:47:37"
i.liadm.com/s Name: _li_ss
Value: CggKBgjdARDHFg
heroinvesting.com/ Name: dicbo_id
Value: %7B%22dicbo_id%22%3A%22v4-4EyY2w7-1079981226%22%7D
.heroinvesting.com/ Name: _ga
Value: GA1.1.1357598203.1700668057
.heroinvesting.com/ Name: _gcl_au
Value: 1.1.177558417.1700668057
.kueezrtb.com/ Name: kuid
Value: 3ddf0babf02d1d32
.doubleclick.net/ Name: IDE
Value: AHWqTUnvzpRyRyYqQVD9vLD3ootyl9t7LpeoBYETuUckojc3r_wUO80H1GidmhEY
.script.ac/ Name: __cf_bm
Value: WKHJzj4BQsPIYY0kbW6OGQeBP3ZAyHLF.lZAa9uVilU-1700668057-0-AbRz72do8gU6By/ZLZosA2XATnacSMlt/ZkLL+QE5B/Dvap3ABdkD/UiABGljVUVOQ+Qrz2CO/waw5VkPOu45JI=
.flashtalking.com/ Name: _D9J
Value: f828dd4b7159431fa36285821bf3a24f
prebid.a-mo.net/ Name: _Amc_b
Value: 0
.prebid.a-mo.net/ Name: __amc
Value: 1_1700668057_1700668057
.gumgum.com/ Name: cs
Value: true
.rubiconproject.com/ Name: khaos
Value: LP9XUNOP-1M-G7M1
.rubiconproject.com/ Name: audit
Value: 1|naVuGyos1qpiY8W0ftQi5bU1ZxogGjlwOA+xFj1I9scmP1H4Ec1c++RYArKWmFbP8a8bGwP47VKMCL+3kiImJzBL9RgbQbtMK04Jxx6SvqchkTnGhAX54b7FQD2yB//h3OlDu/ORdD8=
.go.sonobi.com/ Name: __uis
Value: 66398072-b05e-40d2-91d2-43d79285795e
.go.sonobi.com/ Name: _usd_heroinvesting.com
Value: 052dca64-4730-4f69-862f-05ce44610dde
.go.sonobi.com/ Name: __uin_zt
Value: 2561353009271002579
.go.sonobi.com/ Name: __uin_bw
Value: a794bfc1-d607-4ded-8ba1-f1ce7f4a1e57
.go.sonobi.com/ Name: __uin_rh
Value: CEVC6tberXBqt2RUoccA
.go.sonobi.com/ Name: __uin_td
Value: 8a7e9503-82d2-4da9-8255-3a65d340c50e
.go.sonobi.com/ Name: __uih
Value: 1
.heroinvesting.com/ Name: _ga_PNTYD12RWN
Value: GS1.1.1700668056.1.1.1700668058.0.0.0
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: c5b45f34918a01ee
.0cf.io/ Name: _dbid
Value: 113b5a615e60f437
.3lift.com/ Name: tluid
Value: 4244436613735121705761
cookies.nextmillmedia.com/ Name: NMUID
Value: csuid_79c53f4b-d40e-4d4b-bb39-3d0a46dc42f0
.gumgum.com/ Name: vst
Value: e_b483b219-3e00-4ce1-95d5-03580865a4d1
.bidswitch.net/ Name: tuuid
Value: 002c4419-38d0-4db0-b604-753b9e449661
.bidswitch.net/ Name: c
Value: 1700668061
.bidswitch.net/ Name: tuuid_lu
Value: 1700668061
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-fc0e31f1-fa6d-5e95-518f-469b85c702e2.sf5qTsOFHYiCICGO0uX4HMUcKTHQzkdLn%2FIW9YdMe4o
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-fc0e31f1-fa6d-5e95-518f-469b85c702e2.sf5qTsOFHYiCICGO0uX4HMUcKTHQzkdLn%2FIW9YdMe4o
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A_A4x8fptXpVRj0abhccC4tly2hM.OgMFU2k0fPvlgYRloYdB5rRb1douOm90p9OXmiBiMDE
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A_A4x8fptXpVRj0abhccC4tly2hM.OgMFU2k0fPvlgYRloYdB5rRb1douOm90p9OXmiBiMDE
.casalemedia.com/ Name: CMPS
Value: 5196
.csync.loopme.me/ Name: viewer_token
Value: 95e023af-01b6-40f5-95b4-d8d9ede38cd2
.mathtag.com/ Name: uuid
Value: f9ef655e-229d-4e00-8dcf-6c575638c38d
.smartadserver.com/ Name: pid
Value: 4755932680271221536
.casalemedia.com/ Name: CMID
Value: ZV4inQfoXk0y617BLTqixAAA
.casalemedia.com/ Name: CMPRO
Value: 5196
.adnxs.com/ Name: uuid2
Value: 3889965644092935638
.creativecdn.com/ Name: u
Value: nXroKzpKTP3FiT4lVNhY
.creativecdn.com/ Name: g
Value: nXroKzpKTP3FiT4lVNhY_1700668061684
.creativecdn.com/ Name: ts
Value: 1700668061
.openx.net/ Name: i
Value: 1137d1d0-7dd0-459c-8086-d015ddc9b3a8|1700668061
.adform.net/ Name: C
Value: 1
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIHxU5-trh8847vd4EszlW5h0dr0L-ZxqKBL65uSOcUXaEHwYBCCdxfiqBjABOgRyABfNQgSkTIaM.cXdFX%2F5w0ppLfs28TZh%2Fb1QaYcFE4JXaR0gEuWhzhGw
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKIHxU5-trh8847vd4EszlW5h0dr0L-ZxqKBL65uSOcUXaEHwYBCCdxfiqBjABOgRyABfNQgSkTIaM.cXdFX%2F5w0ppLfs28TZh%2Fb1QaYcFE4JXaR0gEuWhzhGw
.adform.net/ Name: uid
Value: 8632191893802332344
.go.sonobi.com/ Name: HAPLB8G
Value: s86177|ZV4io
cookies.nextmillmedia.com/ Name: syncedBidders
Value: {"ix":1}
.ads.pubmatic.com/ Name: KCCH
Value: YES
pbs.nextmillmedia.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJhZG54cyI6eyJ1aWQiOiIzODg5OTY1NjQ0MDkyOTM1NjM4IiwiZXhwaXJlcyI6IjIwMjMtMTItMDZUMTU6NDc6NDEuOTA1NTUzNjkzWiJ9fX0=
.brand-display.com/ Name: _knxq_
Value: 939b6fc8-9345-5019-380f7288.1700668062.0.1700668062.1700668062
pool.admedo.com/ Name: tuuid
Value: 550f529b-f592-4232-8dd2-aca67378bf2f
pool.admedo.com/ Name: c
Value: 1700668062
pool.admedo.com/ Name: tuuid_lu
Value: 1700668062
.turn.com/ Name: uid
Value: 3694952109071410381
.connectad.io/ Name:
Value: cadsync
.amazon-adsystem.com/ Name: ad-id
Value: A-baeGoUT0tVkCFjYXSptt0
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003%22%7D
.liadm.com/ Name: lidid
Value: 3ece3bcf-175d-474d-a61d-a8fbb1899614
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-77da2f61-8784-416f-81f2-f1506b9bcc7c-003%22%7D
.ipredictive.com/ Name: cu
Value: 4eb16b75-6a79-4990-808d-c4f79376c656|1700668062376

22 Console Messages

Source Level URL
Text
javascript warning URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js(Line 9)
Message:
Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
network error URL: https://vrl9rgsahh7mx6ndn.ay.delivery/floorPrice/vRL9rGsaHH7Mx6NDN/js/floorPrice/linreg.min.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://vrl9rgsahh7mx6ndn.ay.delivery/forest/vRL9rGsaHH7Mx6NDN/js/bid/forest.min.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
network error URL: https://onetag-sys.com/usync/?gdpr=0&gdpr_consent=0&us_privacy=0&redir=https%3A//ps.0cf.io/%3Fonetag%3D%24%7BUSER_TOKEN%7D84%26uid%3D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').
security error URL: https://s.0cf.io/(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://s.0cf.io') does not match the recipient window's origin ('https://heroinvesting.com').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.teads.tv
aax.amazon-adsystem.com
ad.turn.com
adgarden.market
ads.pubmatic.com
ads.servenobid.com
amplify.outbrain.com
ap.lijit.com
apex.go.sonobi.com
api.assertcom.de
b1sync.zemanta.com
bh.contextweb.com
bid.contextweb.com
brightcombid.marphezis.com
btlr.sharethrough.com
c.amazon-adsystem.com
c1.adform.net
cadmus.script.ac
cdn.confiant-integrations.net
cdn.connectad.io
cdn.heroinvesting.com
ce.lijit.com
cm.g.doubleclick.net
colossusssp.com
config.aps.amazon-adsystem.com
contextual.media.net
cookies.nextmillmedia.com
cpm.qortex.ai
creativecdn.com
csync.loopme.me
d9.flashtalking.com
dblksync.dblks.net
dis.criteo.com
dmp.brand-display.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
exchange.kueezrtb.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
g2.gumgum.com
googleads.g.doubleclick.net
grid.bidswitch.net
gtrack.kueezrtb.com
gum.criteo.com
hb.minutemedia-prebid.com
hb.yellowblue.io
hbx.media.net
heroinvesting.com
htlb.casalemedia.com
i.clean.gg
i.liadm.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
image6.pubmatic.com
image8.pubmatic.com
js-sec.indexww.com
lb.eu-1-id5-sync.com
lexicon.33across.com
match.adsrvr.org
match.deepintent.com
match.sharethrough.com
mp.4dex.io
onetag-sys.com
pbs.nextmillmedia.com
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid-match.dotomi.com
prebid-server.rubiconproject.com
prebid.a-mo.net
prebid.cootlogix.com
prebid.dblks.net
prebid.media.net
prg.smartadserver.com
region1.google-analytics.com
report2.hb.brainlyads.com
rtb.gumgum.com
rtb.openx.net
s.0cf.io
s.amazon-adsystem.com
s.seedtag.com
script.4dex.io
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssc.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.kueezrtb.com
static.vidazoo.com
sync-eu.connectad.io
sync.1rx.io
sync.colossusssp.com
sync.cootlogix.com
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
targeting.unrulymedia.com
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
tr.outbrain.com
track.kueezrtb.com
u.kueezrtb.com
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
vrl9rgsahh7mx6ndn.ay.delivery
wave.outbrain.com
www.google.com
www.google.de
www.googletagmanager.com
x.bidswitch.net
bh.contextweb.com
eb2.3lift.com
exchange.kueezrtb.com
hbx.media.net
prebid.a-mo.net
ssbsync-global.smartadserver.com
ssum.casalemedia.com
sync.mathtag.com
104.18.36.155
104.238.128.98
108.138.1.25
13.248.245.213
13.32.119.77
141.95.33.120
145.40.97.66
15.197.193.217
157.230.14.143
162.19.138.82
162.55.95.177
172.240.155.68
172.64.149.180
172.64.151.101
178.128.135.204
178.250.1.9
18.192.193.155
18.195.61.190
18.196.51.148
18.202.39.252
185.184.8.90
185.29.134.244
185.64.190.78
185.64.190.79
185.89.210.82
199.212.255.178
2001:4860:4802:34::36
2001:678:cb4:bbbb::11
208.93.169.131
209.192.253.44
209.54.182.161
211.120.53.201
216.52.2.30
216.58.212.162
23.197.120.249
23.32.184.192
23.32.184.20
23.32.185.60
23.35.228.23
2600:9000:223f:3400:3:6d3c:dac0:93a1
2600:9000:2251:9e00:6:1c12:bd80:93a1
2602:803:c003:200::44
2606:4700:10::6816:227b
2606:4700:10::6816:37ce
2606:4700:20::681a:8a9
2606:4700:3036::ac43:9447
2606:4700:4400::6812:2b5a
2606:4700:4400::ac40:994e
2606:4700::6812:1691
2606:4700::6812:751
2606:4700:e2::ac40:861f
2606:4700:e2::ac40:8b0c
2606:4700:e2::ac40:8e15
2a00:1450:4001:801::2002
2a00:1450:4001:80b::2003
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2008
2a00:1450:4001:813::200a
2a00:1450:4001:829::2004
2a00:1450:4001:831::200e
2a02:2638:3::c
2a02:fa8:8806:20::2010
2a05:d018:d29:3601:bf9c:a4a:22aa:bd3
3.127.67.62
3.214.189.170
3.71.149.231
3.73.104.85
34.120.63.153
34.149.20.76
34.149.50.64
34.160.19.107
34.247.233.198
34.249.240.92
34.95.69.49
35.186.253.211
35.210.53.219
35.214.146.66
35.244.159.8
35.244.193.51
37.157.6.232
38.91.45.7
44.196.232.111
45.77.105.37
46.228.174.115
46.228.174.117
51.89.9.252
52.48.81.28
52.86.26.91
54.157.93.233
54.165.78.186
54.247.19.59
54.74.229.145
54.84.92.154
63.251.14.14
63.32.251.103
66.225.223.63
67.202.105.24
69.166.1.66
69.166.1.8
69.173.144.137
69.173.144.138
70.42.32.127
77.245.57.72
81.17.55.123
89.149.192.64
95.101.149.233
95.101.149.35
99.86.4.30
003f02a67866738da078f1cd7aadfa534e2d959792f1213a8d3804dfc048a37d
011461c1c6f5df3ae6c896f8337fd8313df8e1cc3138edd02f35616758d0e875
02b6a4cea9e3cb9cae8bc6e8823137f630bc4bba3034e991aad496a143f9607e
051b2836e4820a3904982cc7eeba96d09c9a3e5d4cdcf0a57fc2802316802430
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
05bf2ab251381493728b17ba51a3c902bd50938b723cadcbb035041f8fd684a2
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08a2e6c7bd4de0fe86f3778576e97c265120b32a5674471d408c508b7f733948
08b427806db85e6b17aba4fa571f7983fd8e8bc6a91a1d942fa18c938f913943
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60
09a45732f771315394b0d99b7dc3416b488a1a0a817f1fbb73666d78730730e4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c945aa0bb5ba5a939754f316628f652efd88279fdba1fda70102f12984e7c9f
0cbd9525629e32a57ab8339f37b8b5ec19a170668b53e3863fa6adb0d75b6fe5
0dbb50b756fea5b251ca8c20be90a5b8e08869bebdec3fdd1ff5da14bb6879f3
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0fbee40d848d6df79b375ca87bdb53f4e97bfb3c6dc2a1d03cb8fd74a395eca4
0ffcdfacfa747ec1af447e1e5602e8be7d8d168c1b065845e77a67ffba77b594
11c4d847faa1a75d75f0ce42414094da93d3fe370b3a245f32d47b67e49d53d2
11f9906fd251c55cc634a33d99bffeaf5b216cda7178bf42952df89f7f864686
122e502e02d15917d291203058aefa9dfec946bcc445882339a1bea7d3dbc912
12429c251a257c42b91bdd4b253b8d8a8a01b091d23414824999ebad0a251277
12c2c5879869f4df381804a5ce8d962523039494efae426ee339bb18d136d331
15cc6ed7ad7ac59aa5463653a28d52daa424df8c8adc7801c7cc3d980430e658
1998fc3303d046f8b2065d2689dadca97130151667b57404f94a9d0adbb5b72b
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1efa1573d449934ada78452182a4680d6afa3e56c4cc918c43c963394bab38ff
1f2de3317f7ffbfa96e0e04d6b862d3fab8f6cdd3dfcb29f65567ec131d21d13
20a2d1cb527e7a09b01d768a1551d236ddca12f69f6267d9c3d878d3590b8abc
21a1d627f87cdf503961420c198b2bcc9993f88235210d85186824b823e96d0d
23af93c9b164275cac4f0854507fbd3cf31ae07b91538cad58d49ed8fabe443a
2414badced0e65e0d68b7fbe36506f936f39d76ac7506e9a3fc3480a7ce652a0
2754346d72795e3e3c53b6743cb9302b6787a4b30c170cfa79353988658ebec9
288d1aff6b40d91889a5f0efc906a5316d3f732641f32462f2ec4dd854f55981
2b34770f60feb64c75a7a4493ab5ce671d926454cd7f96ececea1a4d20fc1d41
2c35673b710da41c97f2f8307ca5d34fd107b636bf0b5f8a344c3288e2380fa9
2d1ff3976b3b7aa422dbb426f453a7a2932a9b7ae033b0803910922f4bbb17ef
33f9a4c16adfbe18140ca6e90cd3de3350500414904ed811dd67dd87e90f1e8b
3b00a8a576ab1a5c5f9b0be2879d6b6fccd951bad441aa268fddf620fb6d0643
3d01230fdb33d364153459f6167160172c369b808bcf160b82dc9dc58bfb9489
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41d9cd451777916c4ce5efe9bfac4bd481998c1814941f3215eb63be47da8d07
436c5ea88f6c8e21aec4db5b2daebde8d7c8f5a81b2524aca6a52d28121a118b
43bf60671c41e18a46c4b12077ddf6e7982cd0700ce49bbc7158619a2a3e49b0
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4b70b5ab26a51f7829a43fa74bbb2abc2fab541d5842d7c481274f9aaa239a53
4c4e67eb3853f71c9e8d8f672d15eddb5e71f8134c162cce6eecb3b2a4e5dd36
4c8fe936e012d2d229577704c34c41a451d7a98aa5c2566ea5c3930aa7e3f40f
4d4d72fa0dc499054f927f44a2038048d5e93407ee6c74a6a1602542c6ac5ff1
4db83c0e138bdabd7f5938e2643282248bfadaf39b2982895fbc211b0c706bd5
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5006334bf67e3ff98f80c349ba003b9f59f391db67fc3fef85d055907168e8c5
527e2eca91b5666b8c2c9c206254da1f9a0b716c7d5332e4ed92eaf1aecf6584
53305fbcef9615547e840477a419b2013c2460d18193169d36a4304fa33b0354
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
56939e06ab2cb38895d26a98e53f13e4fa8507be612ac0d2537b7f1c68988087
5a6922d6039706cf85aa18ce219860d4a1146ec59157edf6f4e06fed8cac88c0
5a99612d9b5cb97ad873c0c0ad6bb9a28cdb71e035d4c817e974714e734c585d
5fe664cef03454b93af011d32292a83e29bdb59b2bd24c7f5afd6cdef080bff2
61496aa1a9c3d26cfc292b41fc451a597a47468117c1fb258226a57296390433
621956920794435749062962f24d6d450771b48b8cf76c518d8241143534c2cd
64faef43f59f0d829a290bb25e0b5c24308c0381b590d9717e460a8344912ba3
650c82476c4211d9c7dcab13c023c507bdb5f3e2364d3a4446d67dc5c5566918
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
665604621d7d5e632b1efe0c0fe218df49b872581af0b7fd321729dc8b543d5d
681975cda034fb2d0e68d7b56286fd4af9fb9586c561cb77f140633df6d7ea07
68c17e743f229f07f1375bd906669e46147d13fd2c92be22317bd3d4e505b5e7
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c06cb54fd77979d1bfcde9cc23f061ea3e9a379ce3d5f6f6b69f18d1918e9a1
6f8784730cea88db6686daf125d708a58c54e0b2e6507149153d05600d597ef7
7199a6f1524479e5151e8b47460b1f2f849dce15f36d3ec86ea4fcb3b932fdce
72d427b7264997760074a94dcc1c9e54ae2c33b05276bfb3cfcd0f5d2d8bba3a
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
77177ed004787a92ed9c83e7abd219b55425dff8d70d1e93a261f2ea7c01efdb
77b47b7a038f38916adbe760bc262fe2aa75e9f2a0d67621d19ad74e41acdb39
7ab3ebae891a75d2dfbc5dd36107f16a0b9ba271694c40f5b55279b4d69c9d53
7b76b819a56cefc5344fabd9df41fdab467b1038d63992c2cabe70ab71d44c8a
7e935129a11318de63e546f68d190230eee54736d13397fc143cd80c6a16bdfe
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
81ce6bffd1b40eb13d88a0dc38da2057cb4c621347a51d852d1cf65ef96ca53c
8264bf30b0dfc41d19bf53d2c63a8fc9326b427cf3ea9cd9b6be2696fc55b118
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
83e4fecbbe3938653edd82602b3e3a0bd98509c5f8e50a8cd82b393695a1b9bb
842180c49522c1ce242d5d89bb09ea1e539e5ce7ac90d0969bc1ca4e495ab5f1
850a261f025f4439a213f203997dd79a7ab036fc29c1f9a7d02d6c8773c7be9b
8795ccb00ce1f0e89e48feff5cbe9febbc2bf5be040fcb17f6298acec8d9c19d
8959c0b49ad08b00ab047f2eda9aa568d1f9e2a56f97968b8598f615a27696fa
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d74beec1be996322ad76813bafb92d40839895d6dd7ee808b17ca201eac98be
8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8fdeab5f74264d802062ef7f6953d5b90aedc5f891d70b763808525ba530d341
949a30ed07d2975ead2a00344b822b0c43bab1939fbb37102d3b0811364b2326
958e769fd53f7d2555562484244137d4ad295a4cf4f3e743b731fb8a24c44d03
96463f77aae101d34cef570d1a40570d926482af4fc461cf03cb3ba54bd19fd8
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
977658a6b9d8442ef909de436ae2473f4c313de021c738c70b3fb4e4095aab51
98d25c42082346c201348402510cd536a6a64d7c151a952b067e9ba825fed471
99dc6efbb92e8a11bdaefa83dd1a518c6a015455f0c6ff5c6ef218a562755573
9abe2da7218e8d78a1fe383245df113671b0a0e9613c7d73d282d7026842a9b9
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
9da952a3e6db7811c02d42042d0e70199d47c50241671b49d8df09c5e704ec3a
a022a87f48a2a7d80ff363e6475102738404498ebbff5b3b6225aaadb345d1ee
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84
a578b7621ffb25e8a96532b5f7509fc5abcd724d14e2b13eb920418077755ce6
a8f81ae29f4f064b09f32197200198492754cd553979c148f3955b9cb31f819f
a96e1e97d62ab9747678b947bdf0a0ea5f81790b1e3a1df2d4607a86bf802596
a9b5d62445d48f75234b683670ffd3f95f5c7240decae3146a38f0d19abd76dc
b04dfae5d49297b8b6a514bd8bf1c7bea7ebe622232401a5abed5a92809a2b66
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4b6672c00bfe73650afbb351b5d334388cd55c6c6523b71ed6f8f8eed1d141e
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b698f4535cf67b7d888113bc09693d430652d57e20d67a4a31f5c8e5e3c24330
b74c57956156cfdb6ea1f2b5442d62bfd3d771a122de72133859f318f4b2d6c1
b952ae1a582910bbfd4efa3b03c3dd91b903fc474d62dbbda8db0729f34ea02c
ba8b61671c5a1344acefbc986cb110f88f924b2367852345131717c3ff1f19a9
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb4f8df5602b561c6a5247851f27cebac4099886c0f337e67e5ea9fa0f9caac8
be21c68151947530567dcb15dcf4aa169621e4ec3d2a9ef8c71ba3590e5e35cf
bf9a23b3505b601a9de91a953c462d670e5b13fbbed92e0be549822cdd2af34a
c0522728ccb5838436f1541af5527b71d5ca495224a7ec28aa8dd4173aa8c3dc
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c4cb7ee295b14fe670ced1e8271273041990ca3d5af39accf8e960c227148eab
c84074baff8c27ab00dd84e9fdf57f94ca82c0fce2ad492c8302bb1ca109953d
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce2f2d6e2c86d4842495777302cd555696e40d7ebde2763a9825562abb9bf5d6
cf1ac793c916c98710b1c25b87435cc3a41643980c8ef9b30a08675a2822e8c8
d0d2e098cd489ef7bc528c86de8ab5c51b5d6cdf9b76a8b08766036992f0d2f4
d0e50db0d6679dac85be85bf1cc2c0d12725b403a32d8d33f0bc45c676be8978
d30b762e6f1025d35f6a11b2924ebf1391c02df62cf6f36c55aa8471d77908d9
d997ecf646629f783a25170275002b9b8c76106385d3cd178c42e3495241ecc2
d9d5882531b33e029ffaa8782658b02b0042d3dbedccf2d1ab41c121633d2fae
da36d74a76edf3a9629e3c4eb78056b3b215b9279b4d6f737d6245a93849d33e
db0a944f29782c140ec0539b3600808797fca1654aa70c43441d9c4bee57595a
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
df48345539e333db055ca41300a49ed21f251a7874fe41915acacdccefa8da5c
df9c012e31d1f40f00f1ef9d49bd50ef4c94813df00204e0d31de513b17a4db5
e0625a022bd3b199157833e0338f4eae7eb814ad18da77a4f315851c3e0d2e57
e274a4700b389e60729118999163c656dddceacb3eb30fc82bc0ee3136e93922
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e602d10aeab60c205781599d1dd4e46d615c1938e62f66d5752fb08ad800fa2d
e605414c5d690913c053ec344fd3fd58b19ecd5f111fb05e4e912bc52a77fa66
e6203770d8d6ff2f5fcd1f32e88c1cd63550254bc18961b5c869b6fe53f074b4
e6a1fae9b9c1045cde15a1cd74704fb037ddc78c4f375ebbc5f197a6db64678b
e708a8a08ef1bd656355407be9d1ce4b22e8b608536560aa033188ede2b8b01c
e7f76e2011b48d4a7afbad85c48a6c7555c2260cb80603b0e3236ca6fb4ffd42
e8cd50eb5d4d6c1e18ca7bfc98f74a35a811f22a1e3fb5d141a1c9461c399aef
ebace8aa7139610c79668e84ad4af3f8d9f147e054f1a1a88a39d187892a3f7a
ebe674facbc5b1f5e8060915b29d1ddccfecfbbc5fa6ae9098da9a4231377e12
ec2f44e7dbd2ebb1268ac7e7a0602ec2106bc7fd9da17b9012db81be55cbd485
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3b31e180ec245d7d422dba9020d9c2dfe6b6b96e62a8343303479bcbf572bb
f54aed9527ac229c6a5b15e49f73aa17cdf8224171095ef9c65ccd10ecd5af49
f8797c009bda9c3135d1042ac16f93278108f724f88cf7a43fb2ef544723457d
ff070286de82b7484679470301d6185371b91d16736f7495f728311f2219f1cf